log4shell vulnerability

39 views
Skip to first unread message

riou...@gmail.com

unread,
Dec 14, 2021, 9:44:42 AM12/14/21
to onebusaway-developers
Hello all,

Following the recent discovery of the log4shell exploit, I have been looking at our in-house  OBA instances we use for testing as well as a couple of our own applications that make use of your org.onebusaway.gtfs module. I found that they do depend on the log4j library and therefore could be vulnerable.

Are there any way to update the log4j version used to version 2.15.0 containing the patch?

Sean Barbeau

unread,
Dec 14, 2021, 2:01:10 PM12/14/21
to onebusaway-developers

riou...@gmail.com

unread,
Dec 14, 2021, 2:46:43 PM12/14/21
to onebusaway-developers
Thank you for your quick reply
Reply all
Reply to author
Forward
0 new messages