log4j (security vulnerability?)
beedaddy opened this issue · comments
It seems that ma1sd is using log4j:
> jar tf ma1sd.jar | grep log4
> com/mchange/v2/log/log4j2/
> com/mchange/v2/log/log4j2/MLogAppender.class
> com/mchange/v2/log/log4j/
> com/mchange/v2/log/log4j/Log4jMLog$Log4jMLogger.class
> com/mchange/v2/log/log4j2/Log4j2MLog$Log4jMLogger.class
> com/mchange/v2/log/log4j2/Log4j2MLog.class
> com/mchange/v2/log/log4j/Log4jMLog.class
Due to the known security vulnerability of log4j, is there a quick patch in sight?
Those are just an adapter that won't work without log4j installed. ma1sd uses slf4j for logging: https://github.com/ma1uta/ma1sd/blob/master/build.gradle#L91-L92