facebook / buck

A fast build system that encourages the creation of small, reusable modules over a variety of platforms and languages.
https://buck.build
Apache License 2.0
8.56k stars 1.16k forks

Update log4j to 2.15 #2672

Closed (scottcao closed 2 years ago)

scottcao commented 2 years ago

Summary: Updates log4j to avoid a 0day RCE vulnerability. See https://www.lunasec.io/docs/blog/log4j-zero-day/

Reviewed By: suitingtseng, mykola-semko, rajyengi

fbshipit-source-id: 71a46dad938206cdd34139298e71ea096f84965e

shepting commented 2 years ago

I think that 2.2.17 is out now to fix an infinite recursion DoS. We likely would want that.