search

wenbostar / PDV

PDV: an integrative proteomics data viewer
GNU General Public License v3.0
44 stars 20 forks source link

vulnerable log4j.jar file #30

Open schloegl opened 2 years ago

schloegl commented 2 years ago

When running log4j-detect on PDV-1.7.4, it identified the file PDV-1.7.4/lib/log4j-1.2.12.jar as vulnerable

That tool recommends to upgrade log4j to v2.17.1 from here https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core

KaiLiCn commented 2 years ago

Hi,

Really appreciate your remind. We will upgrade it soon.

Kai

schloegl commented 2 years ago

Thanks for the quick response. I'm looking forward to the fix.