Closed rohan2001 closed 11 months ago
We see Log4j 1.x is used which is causing tf to be vulnerable. Is there way to mitigate this
@rohan2001 have you got any solution for this issue.
@UmmerS I havent got the solution yet. Do let me know if there is any alternative available
@eric-milles please update log4j for latest version and release new version 14.138.0 Many are facing this issue Thanks in advance.
@eric-milles Thanks for update to log4j-1.2.17.jar But log4j-1.2.17.jar is also vulnerable need to migrate to Log4j v2
@UmmerS It is a work in progress. Log4j 2 is not a drop-in replacement since Team Explorer extends FileAppender
and uses DOMConfigurator
and PropertyConfigurator
. https://logging.apache.org/log4j/2.x/manual/migration.html#limitations-of-the-log4j-1-x-bridge
@UmmerS @eric-milles what is the fix. New version released?
@UmmerS @eric-milles Steps to mitigate vulnerability
a release is coming shortly
We see Log4j 1.x is used which is causing tf to be vulnerable. Is there way to mitigate this