Fix critical vulnerability in log4j
There is a critical vulnerability in Log4j, more information here:
https://www.lunasec.io/docs/blog/log4j-zero-day/
stigkj authored and oshai committed Dec 10, 2021
1 parent 8ca5b54 commit 8e7b55e
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion versions.gradle.kts
@@ -1,4 +1,4 @@
extra["slf4j_version"] = "1.7.32"
extra["log4j_version"] = "2.14.1"
extra["log4j_version"] = "2.15.0"
extra["mockito_version"] = "1.10.19"
extra["junit_version"] = "5.8.2"
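
Review bot: the `log4j_version` bump to "2.15.0" in versions.gradle.kts lands as a bare string, with nothing in the file recording why that floor matters, so a later edit could lower it again unnoticed. Consider a one-line comment above `extra["log4j_version"]` pointing at the advisory linked in the commit message. It would also help to state in the commit message which dependency configurations consume this property (test-only or shipped), since that scope decides whether downstream users of the library need to act and it cannot be read from this hunk.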

3 comments on commit 8e7b55e

@yardenadam yardenadam commented on 8e7b55e Dec 12, 2021

Hi, is io.github.microutils:kotlin-logging:1.7.8 safe from the log4j vulnerability? Or should I update to a newer version?
@stigkj @oshai

Owner

@oshai oshai commented on 8e7b55e Dec 12, 2021

@yardenadam

1.7.8 is safe (as are all kotlin-logging dependencies) as it depends on log4j only for its internal tests.
If you want to be on the safe side, also update kotlin-logging to the latest (2.1.16).

@yardenadam
@oshai Thanks!!
