search

spring-projects / spring-statemachine

Spring Statemachine is a framework for application developers to use state machine concepts with Spring.
1.54k stars 604 forks source link

Look log4j dep version #993

Open jvalkeal opened 3 years ago

jvalkeal commented 3 years ago

While doing gradle build update:

Errors occurred while build effective model from /home/jvalkealahti/.gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.16/88efb1b8d3d993fe339e9e2b201c75eed57d4c65/log4j-1.2.16.pom:
    'build.plugins.plugin[io.spring.gradle.dependencymanagement.org.apache.maven.plugins:maven-antrun-plugin].dependencies.dependency.scope' for junit:junit:jar must be one of [compile, runtime, system] but is 'test'. in log4j:log4j:1.2.16

We have defined log4j as 1.2.17 which removes that error/warning. Look if we can do without defining version.

Daanielvb commented 2 years ago

Any chance our current log4j asset is compromised by the recent vulnerabilities exposed in the end of 2021?