obiba / rock

R server with a REST API
GNU General Public License v3.0

[rock-1.0.11] use CVE-2021-44228 affected log4j lib #11

Closed tuxmaster5000 closed 2 years ago

tuxmaster5000 commented 2 years ago

Hi developers, it uses log4j < 2.15.0, the version in which it was fixed.

ymarcon commented 2 years ago

rock uses logback. If the log4j lib is within the distribution, it is a third party library dependency, but it is not used. I will explicitly exclude it.

tuxmaster5000 commented 2 years ago

Thanks, then we can mark this as secure.
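One way to confirm what a distribution actually bundles, as an added example that is not part of the thread or of the rock code base: it walks a directory for jars, flags `log4j-core` versions below the 2.15.0 threshold named in the issue, and marks renamed jars that embed the `JndiLookup` class for manual review. The function names and the sample jar layout are constructed for illustration.

```python
import re
import tempfile
import zipfile
from pathlib import Path

FIXED = (2, 15, 0)  # fixed release as stated in the issue
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
NAME_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?.*\.jar$")

def scan_jar(path):
    """Return a finding for a jar that is, or embeds, log4j-core; else None."""
    m = NAME_RE.search(path.name)
    version = tuple(int(g or 0) for g in m.groups()) if m else None
    try:
        with zipfile.ZipFile(path) as zf:
            has_jndi = JNDI_CLASS in zf.namelist()
    except (zipfile.BadZipFile, OSError):
        has_jndi = None  # contents could not be inspected
    if version is None and not has_jndi:
        return None  # unrelated jar
    if version is not None and version >= FIXED:
        status = "ok"
    elif version is not None and has_jndi:
        status = "affected"
    else:
        status = "review"  # renamed/shaded copy or unreadable archive
    return {"jar": path.name, "version": version, "status": status}

def scan_distribution(root):
    """Scan every jar under root, in sorted path order."""
    findings = (scan_jar(p) for p in sorted(Path(root).rglob("*.jar")))
    return [f for f in findings if f]

def demo():
    """Build a constructed distribution layout on disk and scan it."""
    samples = [  # constructed file names and entries, not taken from rock
        ("log4j-core-2.14.1.jar", JNDI_CLASS),
        ("log4j-core-2.15.0.jar", JNDI_CLASS),
        ("logback-classic-1.2.3.jar", "ch/qos/logback/classic/Logger.class"),
        ("vendor-bundle.jar", JNDI_CLASS),
    ]
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp) / "lib"
        lib.mkdir()
        for name, entry in samples:
            with zipfile.ZipFile(lib / name, "w") as zf:
                zf.writestr(entry, b"")
        return scan_distribution(tmp)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run `scan_distribution()` against the unpacked distribution directory before and after the exclusion to confirm the jar is gone.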