Open bvallabhaneni opened 2 years ago
@bvallabhaneni There is no way if pom.properties is not embedded. Another detection method (e.g. hash comparison) is required to implement it, however I don't have much time right now.
@bvallabhaneni Would you test v3.0.1 release? It can detect log4j version without pom.properties.
The scanner is looking for The scan tool uses the following file to determine the log4j version and in the embedded jar ant is removing this file. is there a way not to flag 2.17.1 as effected? META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties