vmware-archive / lightwave

Identity services for traditional infrastructure, applications and containers.

Security fixes #63

Closed sshedi closed 2 years ago

sshedi commented 2 years ago

cc: @suezzelur @tapakund @satya-rajesh

satya-rajesh commented 2 years ago

Could you also please update log4j in vmidentity/rest/idm/samples/pom.xml.

There are log4j vulnerabilities reported on this file by GitHub:

[SQL Injection in Log4j 1.2.x] Critical · log4j:log4j (Maven) · vmidentity/rest/idm/samples/pom.xml · Users should upgrade to Log4j 2

[Deserialization of Untrusted Data in Log4j 1.x] High · log4j:log4j (Maven) · vmidentity/rest/idm/samples/pom.xml · Users should upgrade to Log4j 2

sshedi commented 2 years ago

I think this file is okay.

It is using vmidentity/rest/idm/samples/pom.xml:99: <version>${log4j.12.api.version}</version>; this is defined in vmidentity/pom.xml:334: <log4j.12.api.version>2.17.2</log4j.12.api.version>

So we are good here.
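
The check described in the comment above, following a ${...} version placeholder from the samples POM to the property set in the parent POM, as an added example that is not part of the original thread or the lightwave code base. The two POM fragments are constructed stand-ins: only the property name and the value 2.17.2 come from the thread, and the org.apache.logging.log4j:log4j-1.2-api coordinates are an assumption.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Constructed sample input. Property name and 2.17.2 are from the thread;
# the dependency coordinates are assumed for illustration.
PARENT_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><properties>
  <log4j.12.api.version>2.17.2</log4j.12.api.version>
</properties></project>"""
CHILD_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies><dependency>
  <groupId>org.apache.logging.log4j</groupId>
  <artifactId>log4j-1.2-api</artifactId>
  <version>${log4j.12.api.version}</version>
</dependency></dependencies></project>"""

def properties(pom_xml):
    """Return the <properties> block of a POM as a dict (empty if absent)."""
    props = ET.fromstring(pom_xml).find("m:properties", NS)
    if props is None:
        return {}
    return {p.tag.split("}", 1)[-1]: (p.text or "").strip() for p in props}

def resolve(value, props, depth=0):
    """Expand ${name} placeholders; unknown names are left unexpanded."""
    if depth > 10:  # guard against self-referencing properties
        return value
    out = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)
    return out if out == value else resolve(out, props, depth + 1)

def audit(child_xml, parent_xml):
    """Return (groupId:artifactId, resolved version, verdict) per log4j dependency."""
    props = {**properties(parent_xml), **properties(child_xml)}  # child overrides parent
    rows = []
    for dep in ET.fromstring(child_xml).iterfind(".//m:dependency", NS):
        gid = dep.findtext("m:groupId", "", NS).strip()
        aid = dep.findtext("m:artifactId", "", NS).strip()
        if "log4j" not in gid + aid:
            continue
        ver = resolve(dep.findtext("m:version", "", NS).strip(), props)
        if not ver or "${" in ver:
            verdict = "unresolved"  # version comes from elsewhere; check by hand
        elif (gid, aid) == ("log4j", "log4j") or ver.startswith("1."):
            verdict = "1.x"         # the artifact the alerts are about
        else:
            verdict = "not-1.x"
        rows.append((f"{gid}:{aid}", ver, verdict))
    return rows

if __name__ == "__main__":
    print(audit(CHILD_POM, PARENT_POM))
```

This only follows properties between one child and one parent; it does not evaluate dependencyManagement, profiles or transitive dependencies, for which Maven's own resolved dependency tree (mvn dependency:tree) is the authoritative view.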

satya-rajesh commented 2 years ago

Changes look to me. A small question, did we build with this change?

sshedi commented 2 years ago

Built lightwave on Photon-3.0 & build is fine.

satya-rajesh commented 2 years ago

> Built lightwave on Photon-3.0 & build is fine.

Looks good to me, thanks for the update.