pf4j consuming log4j with Vulnerability

yogesh tillu

Sep 2, 2022, 1:56:03 PM
to pf4j
Hi Everyone,
We are currently facing a vuln report for using pf4j with the below dependency.
Do we have an updated version of pf4j using the latest version of log4j?
com.external.plugins:rapidAp...@1.0-SNAPSHOT › org.pf4j:pf4j-...@0.7.0 › org.slf4j:slf4j-...@1.7.29 › log4j:lo...@1.2.17


log4j:log4j Deserialization of Untrusted Data

Thanks in advance; looking for suggestions if this has already been addressed.

Thanks,
Yogesh

deceba...@gmail.com

Sep 3, 2022, 3:45:05 AM
to pf4j
Hi,

Log4j is used in PF4J only in tests and the demo project, so I don't see a problem.
For more information see https://github.com/pf4j/pf4j/blob/master/pf4j/pom.xml.
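
As an added illustration of the scope point raised in the reply above (not code from pf4j or from either poster): a Python sketch that reads a POM's direct dependencies and reports whether a `log4j:log4j` 1.x declaration would be passed on to consuming projects. The sample POM, the `com.example` coordinates and the function names are constructed for this example.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Scopes that Maven does not pass on to projects depending on this artifact.
NON_TRANSITIVE_SCOPES = {"test", "provided", "system"}

# Constructed POM for illustration only; it is not pf4j's pom.xml.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>com.example</groupId>
      <artifactId>demo-api</artifactId>
      <version>1.0.0</version>
    </dependency>
    <dependency>
      <groupId>log4j</groupId>
      <artifactId>log4j</artifactId>
      <version>1.2.17</version>
      <scope>test</scope>
    </dependency>
  </dependencies>
</project>"""


def direct_dependencies(pom_xml):
    """Yield (groupId, artifactId, version, scope, reaches_consumers)."""
    root = ET.fromstring(pom_xml)
    # Only <project>/<dependencies>; <dependencyManagement> is not a declaration.
    for dep in root.findall("m:dependencies/m:dependency", NS):
        def text(tag, default=""):
            return (dep.findtext(f"m:{tag}", default, NS) or default).strip()

        scope = text("scope", "compile")  # Maven's default scope
        optional = text("optional", "false") == "true"
        reaches = scope not in NON_TRANSITIVE_SCOPES and not optional
        yield (text("groupId"), text("artifactId"), text("version"),
               scope, reaches)


def log4j1_reaching_consumers(pom_xml):
    """Return log4j:log4j 1.x declarations a consuming project would inherit."""
    return [d for d in direct_dependencies(pom_xml)
            if d[:2] == ("log4j", "log4j") and d[2].startswith("1.") and d[4]]
```

It reads only the direct declarations of a single POM; parent POMs, `dependencyManagement` and the transitive graph are resolved by Maven itself, for example with `mvn dependency:tree`.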