Closed ckiosidis closed 2 years ago
We only use it for testing. It should not affect our users and our tests don't read input. Nevertheless it's good to upgrade.
Do you need a release? Is some internal tool of yours reporting this?
Yes please, a release would be nice. The library is used here https://github.com/flyteorg/flytekit-java/blob/master/pom.xml#L241-L246 Thank you
I just release 2.3.0, it may take a moment until it shows up in Maven Central. The POM should be flattened now so that log4j2 should no longer appear.
use the latest log4j https://logging.apache.org/log4j/2.x/security.html