Open SnDsound opened 2 years ago
Hey Peter,
i am not a contributor nor a java developer, here is what my research come out with:
I would say there is nothing to concern about but i am not a security expert.
Regards, Tobi
Hey Peter,
i am not a contributor nor a java developer, here is what my research come out with:
- Nothing with log4j in the repo (usually you would have some log4j configuration flying around): https://github.com/lmenezes/cerebro/search?q=log4j
- It makes use of logback fileAppender (which is not using log4j): https://github.com/lmenezes/cerebro/blob/main/conf/logback.xml#L5
I would say there is nothing to concern about but i am not a security expert.
Regards, Tobi
I confirm, this PR can be closed
Hi,
Is cerebro impacted by CVE-2021-44228 (Apache Log4j) vulnerability? Is a possibility to pass "-Dlog4j2.formatMsgNoLookups=true" for java by environment variable in docker compose?
Regards, Peter