log4j
mkunzecw opened this issue · comments
mkunzecw commented
The debian releases contain vulnerable log4j version
Marat Radchenko commented
Are you aware of any log4j version that is not vulnerable?
2.17.0 is also broken: https://nvd.nist.gov/vuln/detail/CVE-2021-44832
Marat Radchenko commented
Possibly the proper fix is to get rid of log4j completely.
Marat Radchenko commented
git-as-svn 2.0.0 was just released. It includes log4j 2.17.1.
mkunzecw commented
agree, but thanks for the fix!