Details
-
Dependency upgrade
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
doxia-linkcheck-1.2
-
None
Description
It also has known security issues. Do we really need this in our classpath?
A security vulnerability, CVE-2019-17571 has been identified against Log4j 1. Log4j includes a SocketServer that accepts serialized log events and deserializes them without verifying whether the objects are allowed or not. This can provide an attack vector that can be expoited. Since Log4j 1 is no longer maintained this issue will not be fixed. Users are urged to upgrade to Log4j 2.
Attachments
Attachments
Issue Links
- links to