Hi, there has been a 0-day exploit found in log4j see https://www.lunasec.io/docs/blog/log4j-zero-day/ it looks like this package has it as a dependency, is there any concern for users that have installed this package as a dev dependency? Thank you.
The link is talking about log4j2 package for Java, while we use log4js package for JavaScript. Therefore we don't use the affected package and karma users are not affected.
Hi, there has been a 0-day exploit found in log4j see https://www.lunasec.io/docs/blog/log4j-zero-day/ it looks like this package has it as a dependency, is there any concern for users that have installed this package as a dev dependency? Thank you.