prisma / prisma1

💾 Database Tools incl. ORM, Migrations and Admin UI (Postgres, MySQL & MongoDB) [deprecated]
https://v1.prisma.io/docs/
Apache License 2.0

log4j - CVE-2021-4428 #5177

Closed hitech95 closed 2 years ago

hitech95 commented 2 years ago

Describe the bug: Is prisma v1 affected? Will it be updated to fix the issue?

thecodeboss commented 2 years ago

Looking at the Scala dependencies file, it looks like prisma server may not be affected. The version here is 1.2.17, but the Log4j website reports it only affects versions >=2.0-beta9 and <=2.14.1.

It would be great if someone more experienced with maintaining the project could weigh in though, as I've only scratched the surface here.

dpetrick commented 2 years ago

Prisma 1 is not affected. As stated above, we use 1.x of log4j, which is not a vulnerable version.
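
The version check the comments above do by eye can be scripted. This is an added example, not code from the thread or from the Prisma project: it scans sbt-style dependency lines for log4j artifacts and tests each version against the range quoted in the thread (>=2.0-beta9 and <=2.14.1), ordering pre-release tags such as `beta8` correctly. The sample lines, the function names and the assumption that dependencies are written as `"group" % "artifact" % "version"` are all constructed for illustration.

```python
import re

# Affected range as quoted in the thread: >= 2.0-beta9 and <= 2.14.1.
LOW, HIGH = "2.0-beta9", "2.14.1"

# Pre-release qualifiers sort before the final release of the same number.
_QUAL_RANK = {"alpha": 0, "beta": 1, "rc": 2, "": 3}

def version_key(version):
    """Turn '2.0-beta9' into a sortable tuple: ((2, 0, 0), 1, 9)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-(alpha|beta|rc)(\d*))?",
                     version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))  # pad so that 2.0 compares equal to 2.0.0
    return (tuple(nums), _QUAL_RANK[m.group(2) or ""], int(m.group(3) or 0))

def in_affected_range(version):
    return version_key(LOW) <= version_key(version) <= version_key(HIGH)

# Assumed line format: "group" % "artifact" % "version" (also accepts %%).
_DEP = re.compile(r'"([^"]+)"\s*%%?\s*"([^"]+)"\s*%\s*"([^"]+)"')

def scan_dependencies(text):
    """Return (group, artifact, version, affected) for each log4j artifact.

    Artifacts are matched by name substring, so a hit is a prompt for
    manual review, not a verdict.
    """
    return [(g, a, v, in_affected_range(v))
            for g, a, v in _DEP.findall(text) if "log4j" in a.lower()]

# Constructed sample input, not the project's real dependencies file.
SAMPLE = '''
val log4j1  = "log4j" % "log4j" % "1.2.17"
val log4j2  = "org.apache.logging.log4j" % "log4j-core" % "2.14.1"
val later   = "org.apache.logging.log4j" % "log4j-core" % "2.17.1"
val early   = "org.apache.logging.log4j" % "log4j-core" % "2.0-beta8"
val logback = "ch.qos.logback" % "logback-classic" % "1.2.3"
'''

if __name__ == "__main__":
    for g, a, v, affected in scan_dependencies(SAMPLE):
        print(f"{g}:{a}:{v} -> {'IN RANGE' if affected else 'outside range'}")
```

Transitive dependencies do not appear in a build file, so a resolved dependency listing is the better input for a real audit.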