Update log4j to the latest version

perfsonar / maddash

The Monitoring and Debugging Dashboard (MaDDash) is a tool for collecting large amounts of inherently two-dimensional data and presenting it in visually useful ways.

Other

30 stars 8 forks source link

Update log4j to the latest version #103

Closed jonstout closed 1 month ago

jonstout commented 2 years ago

The current version of log4j used in this project is 1.2.9. The 1.X train of log4j was considered "end of life" in 2015, and numerous security vulnerabilities have been discovered throughout this package's lifetime. As such, use of security scanners like nessus and qualys will flag all systems running Maddash. For environments where regular security audits are performed, this adds additional burden on the operations and security teams.

Please update log4j to the latest version.

tmeader commented 1 month ago

@mfeit-internet2 Can this also be closed, in light of the state of MaDDash as noted in #114 ?

mfeit-internet2 commented 1 month ago

@tmeader All issues and pull requests will be closed and this repository will be archived shortly.