AsciidocFX 1.7.4 bundles old log4j 1.2.17

asciidocfx / AsciidocFX

Asciidoc Editor and Toolchain written with JavaFX 21 (Build PDF, Epub, Mobi and HTML books, documents and slides)

http://www.asciidocfx.com/

Apache License 2.0

1.86k stars 296 forks source link

Closed lopsotronic closed 1 year ago

lopsotronic commented 2 years ago

AsciidocFX showing up on local vulnerability reports.

AsciidocFX //lib/log4j-1.2.14.jar contains Log4J-1.X <= 1.2.17, which is considered a critical vulnerability.

rahmanusta commented 1 year ago

Thank you, it has already been fixed.