Open thomasredlin opened 1 year ago
In main POM and flexmark-docx-converter POM, there are dependencies on Log4j 1.2.17:
https://github.com/vsch/flexmark-java/blob/8142f8fb9b15031b99940bddaac6ff466949585d/flexmark-docx-converter/pom.xml#L104-L108
https://github.com/vsch/flexmark-java/blob/8142f8fb9b15031b99940bddaac6ff466949585d/flexmark/pom.xml#L75-L80
There are several known critical security vulnerabilities as can be seen here:
Please migrate to Log4j 2.17.1 as we now had to exclude these dependencies from our project manually.
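
The manual exclusion mentioned in the report, sketched as a consumer-side `pom.xml` fragment. This is an added example, not code from the issue or from flexmark-java; the groupId `com.vladsch.flexmark` is an assumption, `FLEXMARK_VERSION` is a placeholder, and `log4j:log4j` is the Maven coordinate of Log4j 1.x.

```xml
<!-- Added example: consumer-side pom.xml fragment, not taken from flexmark-java. -->
<!-- Assumptions: groupId com.vladsch.flexmark; FLEXMARK_VERSION is a placeholder
     for the release already in use. log4j:log4j is the Log4j 1.x artifact. -->
<dependencies>
  <dependency>
    <groupId>com.vladsch.flexmark</groupId>
    <artifactId>flexmark</artifactId>
    <version>FLEXMARK_VERSION</version>
    <exclusions>
      <!-- Keep Log4j 1.2.17 from arriving transitively via the main module -->
      <exclusion>
        <groupId>log4j</groupId>
        <artifactId>log4j</artifactId>
      </exclusion>
    </exclusions>
  </dependency>
  <dependency>
    <groupId>com.vladsch.flexmark</groupId>
    <artifactId>flexmark-docx-converter</artifactId>
    <version>FLEXMARK_VERSION</version>
    <exclusions>
      <!-- Same exclusion for the docx converter, the second POM named in the report -->
      <exclusion>
        <groupId>log4j</groupId>
        <artifactId>log4j</artifactId>
      </exclusion>
    </exclusions>
  </dependency>
</dependencies>
```

Running `mvn dependency:tree -Dincludes=log4j:log4j` afterwards shows whether any other dependency still brings the artifact in. An exclusion removes the classes from the classpath, so code paths that load Log4j 1.x directly need testing after the change.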