VIVO is an extensible semantic web application for research discovery and showcasing scholarly work
BSD 3-Clause "New" or "Revised" License
Log4j security vulnerability for VIVO 1.14.0 #3944
Closed
chenejac closed 3 weeks ago
Describe the bug: slf4j-log4j12 version 1.7.26 depends on log4j 1.2.17 (source - https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/1.7.26). This is not fixed for VIVO 1.14. A patch for mitigating this vulnerability should be released (1.14.1).
To Reproduce: Run some vulnerability scanner
Expected behavior: Upgrade slf4j-log4j12 version in pom.xml file
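
A check for the dependency this issue describes, as an added example that is not part of the original issue or of VIVO's code: it scans a `pom.xml` for `slf4j-log4j12` or a direct `log4j:log4j` declaration and resolves `${property}` versions. The sample POM is constructed, and the property name `slf4j.version` and the `com.example` artifact are hypothetical.

```python
import xml.etree.ElementTree as ET

POM_NS = "http://maven.apache.org/POM/4.0.0"
NS = {"m": POM_NS}
# Coordinates that put log4j 1.x on the classpath.
FLAGGED = {
    ("org.slf4j", "slf4j-log4j12"): "binding that pulls in log4j 1.x transitively",
    ("log4j", "log4j"): "direct log4j 1.x dependency",
}
# Constructed sample, not VIVO's actual pom.xml.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><slf4j.version>1.7.26</slf4j.version></properties>
  <dependencies>
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-log4j12</artifactId>
      <version>${slf4j.version}</version>
    </dependency>
    <dependency>
      <groupId>com.example</groupId>
      <artifactId>example-lib</artifactId>
      <version>1.0.0</version>
    </dependency>
  </dependencies>
</project>"""

def resolve(value, props):
    """Expand a ${name} version reference from the POM's <properties>."""
    if value.startswith("${") and value.endswith("}"):
        return props.get(value[2:-1], value)
    return value

def find_log4j1(pom_xml):
    """Return (groupId, artifactId, version, reason) for each flagged dependency."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    findings = []
    # iter() also reaches <dependencyManagement> and profile sections;
    # <exclusion> elements are not <dependency> and are skipped.
    for dep in root.iter("{%s}dependency" % POM_NS):
        gid = dep.findtext("m:groupId", default="", namespaces=NS).strip()
        aid = dep.findtext("m:artifactId", default="", namespaces=NS).strip()
        if (gid, aid) in FLAGGED:
            raw = dep.findtext("m:version", default="", namespaces=NS).strip()
            ver = resolve(raw, props) or "(version managed elsewhere)"
            findings.append((gid, aid, ver, FLAGGED[(gid, aid)]))
    return findings

if __name__ == "__main__":
    for finding in find_log4j1(SAMPLE_POM):
        print(finding)
```

This only reads what one POM declares; `mvn dependency:tree -Dincludes=log4j:log4j` shows copies that arrive transitively or through a parent POM.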