dragoangel
commented
2 years ago +1, but from what I see this app can't be exploited actually in any way. Except changing configs - which mean that you already control host. So fix should be applied just to not trigger security teams by vulnerable library in jar.
Are there plans to add fix for log4j vulnerability for this exporter
https://www.zdnet.com/article/apache-releases-new-2-17-0-patch-for-log4j-to-solve-denial-of-service-vulnerability/