Closed rtyley closed 2 years ago
https://github.com/sbt/sbt/releases/tag/v1.5.7 updates log4j 2 to 2.16.0, which disables JNDI lookup and fixes a denial of service vulnerability (CVE-2021-45046).
I've also stuck a small tweak to the buildinfo settings in, taking advantage of guardian/sbt-riffraff-artifact#33.
This is a close twin of the changes in https://github.com/guardian/ophan-geoip-db-refresher/pull/12 !