log4j12: uses version with CVEs only via invoker

openzipkin / brave

Java distributed tracing implementation compatible with Zipkin backend services.

Apache License 2.0

2.35k stars 714 forks source link

Closed codefromthecrypt closed 5 months ago

codefromthecrypt commented 5 months ago

snyk finally got me to do this ;) If folks are ok with this, I'll do similar for spring-beans which also shows up as a critical main CVE.

codefromthecrypt commented 5 months ago

cool. will do similar for spring-beans and also in zipkin-reporter, if we aren't already ..