Details
-
Task
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
This task involves migrating the following dependencies from Log4j 1.x to Log4j 2.x due to CVE-2019-17571:
- log4j:log4j -> org.apache.logging.log4j:log4j-api-2.16.0
- org.slf4j:slf4j-log4j12 -> org.apache.logging.log4j:log4j-slf4j-impl-2.16.0
Also, due to CVE-2021-44228 (which only affects Log4j2) it is necessary to use version 2.16.0 at a minimum.