You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is a follow up on #19300 and #19360 after the report of CVE-2021-44832 which updates the internal constraints to Log4j 2.17.1.
The following has been done in Gradle:
Ensure Zinc compiler does not put a vulnerable Log4j on a classpath. This is done by upgrading log4j-core to 2.17.1 on the zinc compiler classpath when using the scala plugin.
Protect buildscript classpath from having vulnerable Log4j. This is done by adding a constraint that rejects known vulnerable versions [2.0, 2.17.1)and requires2.17.1`
This is a follow up on #19300 and #19360 after the report of CVE-2021-44832 which updates the internal constraints to Log4j 2.17.1.
The following has been done in Gradle:
log4j-core
to2.17.1
on the zinc compiler classpath when using the scala plugin.and requires
2.17.1`More information on our blog post.
The text was updated successfully, but these errors were encountered: