in light of the recent log4shell attack, we were wondering if it wouldn't be better to bump the version of log4j. We fear the configuration export might be vulnerable to malformed names in e.g. Overrides.
If that's a valid concern, is it enough to simply bump the log4j version?
Hi everyone,
in light of the recent log4shell attack, we were wondering if it wouldn't be better to bump the version of log4j. We fear the configuration export might be vulnerable to malformed names in e.g. Overrides.
If that's a valid concern, is it enough to simply bump the log4j version?
Cheers, Stefan