Closed tuxmaster5000 closed 2 years ago
In the rpm package I found an old log4j version:
rpm -ql mica2|grep log /etc/mica2/logback.xml /usr/share/doc/mica2/changelog /usr/share/mica2-4.6.3/webapp/WEB-INF/lib/jboss-logging-3.3.2.Final.jar /usr/share/mica2-4.6.3/webapp/WEB-INF/lib/log4j-1.2.17.jar /usr/share/mica2-4.6.3/webapp/WEB-INF/lib/log4j-over-slf4j-1.7.26.jar /usr/share/mica2-4.6.3/webapp/WEB-INF/lib/logback-classic-1.2.3.jar /usr/share/mica2-4.6.3/webapp/WEB-INF/lib/logback-core-1.2.3.jar /usr/share/mica2-4.6.3/webapp/WEB-INF/lib/logstash-logback-encoder-6.6.jar /usr/share/mica2-4.6.3/webapp/WEB-INF/lib/spring-boot-starter-logging-1.5.22.RELEASE.jar /usr/share/mica2-4.6.3/webapp/app/admin/views/logs.html /usr/share/mica2-4.6.3/webapp/app/views/login.html /usr/share/mica2-4.6.3/webapp/assets/images/mica-logo.png
And only 2.15.0 are save.
Mica uses logback. These are third party libs dependencies, not being used, I will exclude them.
Thanks
In the rpm package I found an old log4j version:
And only 2.15.0 are save.