Details
- Dependency upgrade
- Status: Resolved
- Major
- Resolution: Resolved
- 1.8.0
- None
Description
shiro-web has a very old log4j dependency (log4j:log4j).
Snyk is reporting it as a critical security issue (not sure it actually is).
Shiro should upgrade to the latest 1.x (or 2.x) if necessary.
Issue Links
- is duplicated by
  - SHIRO-847 Is Apache Shiro 1.8.0 affected by the Log4j 1.x CVE-2022-23302/23305/23307? - Closed