Update log4j to non-vulnerable version

zalando-stups / kio

The application registry in the STUPS ecosystem

http://docs.stups.io/en/latest/components/kio.html

Other

23 stars 11 forks source link

Update log4j to non-vulnerable version #133

Closed oporkka closed 2 years ago

oporkka commented 2 years ago

Remove log4j dependency from friboo to update it explicitly to non-vulnerable version 2.15.0 (Log4Shell fix).

Seems that kio is using old Friboo version 1.13.0 whereas the latest version is having major update (2.0.x) so this was chosen as a faster way to update.

tkrop commented 2 years ago

:+1:

oporkka commented 2 years ago

Closing in favour of #132