microsoft / team-explorer-everywhere

Team Explorer Everywhere Plugin for Eclipse

Update Log4j 1.2 to 2.3.2 #354

Closed rohan2001 closed 11 months ago

rohan2001 commented 1 year ago

We see Log4j 1.x is used, which is causing tf to be vulnerable. Is there a way to mitigate this?

UmmerS commented 11 months ago

We see Log4j 1.x is used, which is causing tf to be vulnerable. Is there a way to mitigate this?

@rohan2001 Have you got any solution for this issue?

rohan2001 commented 11 months ago

@UmmerS I haven't got the solution yet. Do let me know if there is any alternative available.

UmmerS commented 11 months ago

@eric-milles Please update log4j to the latest version and release new version 14.138.0. Many are facing this issue. Thanks in advance.

UmmerS commented 11 months ago

@eric-milles Thanks for the update to log4j-1.2.17.jar. But log4j-1.2.17.jar is also vulnerable; need to migrate to Log4j v2.

eric-milles commented 11 months ago

@UmmerS It is a work in progress. Log4j 2 is not a drop-in replacement since Team Explorer extends FileAppender and uses DOMConfigurator and PropertyConfigurator. https://logging.apache.org/log4j/2.x/manual/migration.html#limitations-of-the-log4j-1-x-bridge
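The three Log4j 1.x usages named in the comment above can be located in a Java source tree before planning a migration. The following is an added example, not code from this thread or from the Team Explorer Everywhere project; the function names `scan_source` and `scan_tree` and the `SAMPLE` source are constructed for illustration.

```python
import re
from pathlib import Path

# The Log4j 1.x usages the comment above names as blocking a drop-in swap.
PATTERNS = {
    "extends FileAppender": re.compile(
        r"\bextends\s+(?:org\.apache\.log4j\.)?FileAppender\b"),
    "DOMConfigurator": re.compile(r"\bDOMConfigurator\b"),
    "PropertyConfigurator": re.compile(r"\bPropertyConfigurator\b"),
}
# Heuristic comment matcher: it does not understand string literals, so a
# "//" inside a string also blanks the rest of that line.
COMMENT = re.compile(r"//.*?$|/\*.*?\*/", re.S | re.M)

def scan_source(text):
    """Return sorted (line_number, label) pairs for flagged usages."""
    # Blank out comments but keep newlines so line numbers stay correct.
    code = COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), text)
    hits = []
    for label, pattern in PATTERNS.items():
        for m in pattern.finditer(code):
            hits.append((code.count("\n", 0, m.start()) + 1, label))
    return sorted(hits)

def scan_tree(root):
    """Map each .java file under root to its hits, skipping clean files."""
    report = {}
    for path in sorted(Path(root).rglob("*.java")):
        hits = scan_source(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample source (hypothetical class, not from the project).
SAMPLE = """\
import org.apache.log4j.FileAppender;
import org.apache.log4j.xml.DOMConfigurator;

// PropertyConfigurator is mentioned only in this comment
public class RollingAppender extends FileAppender {
    static void init(String path) {
        DOMConfigurator.configure(path);
    }
}
"""

if __name__ == "__main__":
    for line_no, label in scan_source(SAMPLE):
        print(f"line {line_no}: {label}")
```

Import lines count as hits, so a class that only imports one of the configurators is still reported.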

rohan2001 commented 11 months ago

@UmmerS @eric-milles What is the fix? New version released?

rohan2001 commented 11 months ago

@UmmerS @eric-milles Steps to mitigate vulnerability

eric-milles commented 11 months ago

A release is coming shortly.