You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Seems that analysis-kotlin-descriptors-1.9.10.jar is bundled with log4j version 1.2.17.2. DependencyCheck is marking it CRITICAL via .gradle/caches/modules-2/files-2.1/org.jetbrains.dokka/analysis-kotlin-descriptors/1.9.10/.../analysis-kotlin-descriptors-1.9.10.jar/META-INF/maven/log4j/log4j/pom.xml
Expected behaviour
Upgrade to log4j version without security issues.
Describe the bug
Similar to #2488
Seems that analysis-kotlin-descriptors-1.9.10.jar is bundled with log4j version 1.2.17.2. DependencyCheck is marking it
CRITICAL
via.gradle/caches/modules-2/files-2.1/org.jetbrains.dokka/analysis-kotlin-descriptors/1.9.10/.../analysis-kotlin-descriptors-1.9.10.jar/META-INF/maven/log4j/log4j/pom.xml
Expected behaviour
Upgrade to log4j version without security issues.
To Reproduce
Check the dependency tree
Installation
Operating system: Linux
Build tool: Gradle v8.5
Dokka version: 1.9.10 & 1.9.20
The text was updated successfully, but these errors were encountered: