Is there any impact of log4j vulnerability on the Opentest as there is an indirect dependency of log4j library in our Opentest-actor?

mcdcorp / opentest

Open source test automation tool for web applications, mobile apps and APIs

https://getopentest.org

MIT License

452 stars 108 forks source link

Is there any impact of log4j vulnerability on the Opentest as there is an indirect dependency of log4j library in our Opentest-actor? #534

Closed Naveenkumarnnk closed 2 years ago

Naveenkumarnnk commented 2 years ago

Hi @adrianth/Team,

These days we are listening to a lot on the log4j vulnerability issue. And most of the applications are upgrading the log4j libraries to the latest version.

So, Is there any impact on the Opentest? If Yes, then what can we do to resolve it and when can we expect the resolution?

Thank you.

adrianth commented 2 years ago

No, OpenTest is not impacted by the Log4j vulnerability, as it includes log4j-1.2.17.jar, whereas the JNDI lookup vulnerability was introduced in version 2.X. Also, Log4j is not used by OpenTest and it is only included as part of the dependency chain.

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.