Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
There is a critical vulnerability in Log4j, more information here: https://www.lunasec.io/docs/blog/log4j-zero-day/
- Loading branch information
8e7b55e
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi, does io.github.microutils:kotlin-logging:1.7.8 safe from the log4j vulnerability? or should I update to a newer version?
@stigkj @oshai
8e7b55e
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@yardenadam
1.7.8 is safe (as all kotlin-logging dependencies) as it depends on log4j only for it's internal tests.
If you want to be on the safe side update also kotlin-logging to latest (2.1.16)
8e7b55e
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@oshai Thanks!!