Upgrade log4j-to-slf4j and log4j-api to 2.15.0.

eclipse-pass / pass-deposit-services

Deposit Services are responsible for the transfer of custodial content and metadata from end users to repositories.

Apache License 2.0

1 stars 4 forks source link

Closed emetsger closed 9 months ago

emetsger commented 2 years ago

I haven't clarified the exposure of SL4J to the log4j RCE vulnerability, but this is a simple fix to insure use of log4j 2.15.0.

rpoet-jh commented 9 months ago

The migration of PASS repositories to eclipse-pass is complete. This PR is no longer relevant and is being closed as part of archiving https://github.com/eclipse-pass/main/issues/585.