Details
-
Request
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
-
None
Description
There are vulnerabilities in this project (https://javalibs.com/artifact/org.apache.james.jspf/apache-jspf-resolver), which are caused by Log4J, which is no longer maintained.
I would really appreciate if a new deployment could be made based on the latest commit https://github.com/apache/james-jspf/commit/6b12046c67d1a3edea8c226a143e86ef76fc6922 that drops Log4J, and thus should fix all vulnerabilities.