Closed tuxmaster5000 closed 2 years ago
Hi developers, it will use log4j < 2.15.0, in which it was fixed.
rock uses logback. If the log4j lib is within the distribution, it is a third party library dependency, but it is not used. I will explicitly exclude it.
Thanks, then we can mark this as secure.
Hi developers, it will use log4j < 2.15.0, in which it was fixed.