Closed mreinhardt closed 2 years ago
Leiningen does not use log4j, and even if it did, it already gives you full access to execute code without using the exploit.
If you have a specific concern we can address it, but this does not look like an actionable issue to me.
Is the log4j vulnerability an issue with projects built using Leiningen?
See: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance
Does anything need to be upgraded to the patched log4j version?