-
-
Notifications
You must be signed in to change notification settings - Fork 109
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Apache Log4j Security Vulnerabilities #206
Comments
Thank you for reporting an issue. See the wiki for documentation and slack for questions. |
fixed in #207 - and anyway since this is just used in tests, there isn't a real risk for users. |
Some more background on the issue, copied from #207.
It means that this dependency does not pass transitively to users of kotlin-logging, and therfore users don't need to upgrade kotlin-logging itself. You can also see that in the pom that is generated for kotlin-logging. Hope that clears things a bit more. |
i want to know about necessity of update this library version update.
found log4j version v2.14.1 for this library.
this version is under vulnerabilities.
but it only use in jvmTest.
https://github.com/MicroUtils/kotlin-logging/blob/master/build.gradle.kts
I'm sorry, but i cant judge necessity of this Vulnerability affects for service.
sorry for my poor English.
▼official
https://logging.apache.org/log4j/2.x/security.html
The text was updated successfully, but these errors were encountered: