Toolkit uses a vulnerable version of log4j.
markheger opened this issue · comments
The toolkit includes log4j-1.2.17.jar, which has vulnerabilities CVE-2019-17571, CVE-2020-9488.
Upgrade to version org.apache.logging.log4j:log4j-core:2.13.3
IBMStreams / streamsx.objectstorage
The com.ibm.streamsx.objectstorage toolkit supports Object Storage services with S3 API like IBM Cloud Object Storage service.