Closed DhashS closed 2 years ago
I am doing this change now, the code has been patched (it was just to bump the version), and the 0.6.0 release should have these fixes in the release.
Looks like it's all gone through and the new release is in Sonatype
Published. Please check for version 0.6.0
Thanks!
Hey @mmarquee, thanks for this great library! This is one of our last remaining dependencies to address the recent log4j vulnerability CVE-2021-44228. Can you publish a minor version bump that has the updated log4j dependency? Dependabot has merged the update for
2.16.0
, in which the CVE is fixed, this issue is specifically to track the status of the maven artifact.