Visibility on the usage of Log4j
mahulivishal opened this issue · comments
I wanted to know what is the version of the log4j being used (if used) in this project? This is in regard to the log4j <= 2.14.1 vulnerability. http://mail-archives.us.apache.org/mod_mbox/www-announce/202112.mbox/%3C643bc702-4b46-411b-4980-1fcf637dbb11%40apache.org%3E
Hi @mahulivishal, this project relies on the spring boot dependency management feature. As soon as you follow their recommendation, you will be covered.
https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot