siddhi rely on LOG4j1.x. Is it affected by vulnerability CVE-2022-23302/23305/23307?

Question

winter-wu opened this issue 3 years ago · comments

siddhi rely on LOG4j1.x. Is it affected by vulnerability CVE-2022-23302/23305/23307?
version：v5.0.0, v5.1.11, v5.1.19

Anusha Jayasundara · Answer 1 · Mon Jan 24 2022 13:30:33 GMT+0800 (China Standard Time)

We are currently working on upgrading to log4j latest version.

sebastian-alvis · Answer 2 · Wed Feb 02 2022 01:56:04 GMT+0800 (China Standard Time)

@AnuGayan does the team have an estimated completion time for the log4j upgrade?