You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Orbeon Forms
Hi Brian,
If you're worried about Log4Shell (CVE-2021-44228), version 2.23.1 is well past that (it was fixed in 2.17), and from what I can see on the page linked below, it has no known vulnerability. Some versions released after 2.23.1 do have vulnerabilities, but none affect 2.23.1. So if your concern is specifically security, I don't see a reason to upgrade that library at this point. But please let me know if you were asking for another reason or if I misunderstood your question.
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Orbeon Forms
Hi Brian,
If you want to upgrade the log4j jars, you need to update all three jars (log4j-api, log4j-core, log4j-slf4j2-impl) with the same version, not just log4j-core. Does this help, or did I misunderstand your question?
-Alex
Brian Steuhl
unread,
9:44 AM (9 hours ago) 9:44 AM
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Orbeon Forms
Yes that answers the question thank you. I will attempt that update.