convergencelabs / convergence-project

The project used for Convergence Project Management and Issue Reporting
https://convergence.io
42 stars 5 forks source link

Log4j2 vulnerability #262

Closed toebes closed 2 years ago

toebes commented 2 years ago

Versions Please fill in all that apply:

Describe the Bug Convergence appears to use Log4J2 which is known to have a major vulnerability https://nvd.nist.gov/vuln/detail/CVE-2021-44228

Step To Reproduce There are multiple ways to exploit Log4J2 but the mitigation is well documented.

Expected Behavior There should be an updated release of Convergence which isn't affected by the vulnerability

mmacfadden commented 2 years ago

This has been fixed.