Closed rowannekabalan closed 2 years ago
This bumps the log4j version to latest "2.15.0", as well as lambdalog4j to version "1.3.0" as per AWS guidance here: https://aws.amazon.com/security/security-bulletins/AWS-2021-005/
These changes are required to mitigate an RCE exploit found in log4j. More details here: https://www.lunasec.io/docs/blog/log4j-zero-day/#how-the-exploit-works
What does this change?
This bumps the log4j version to latest "2.15.0", as well as lambdalog4j to version "1.3.0" as per AWS guidance here: https://aws.amazon.com/security/security-bulletins/AWS-2021-005/
These changes are required to mitigate an RCE exploit found in log4j. More details here: https://www.lunasec.io/docs/blog/log4j-zero-day/#how-the-exploit-works