Most of you are no doubt aware of a serious security vulnerability in one of the libraries we use, log4j. The versions built into the 2021 and older versions of the Power TAC server and sample broker contain log4j versions that are vulnerable, but we have already updated the current 1.8.0-SNAPSHOT versions. So if you pull down the current snapshot sample-broker and use the current snapshot server-distribution, you should not experience any problems with this bug. It's actually pretty hard to see how the sample-broker (or any broker built using its dependencies) would be susceptible anyway, given that it's not likely to be receiving (and logging) input from unknown sources.
As always, let us know if you have questions.
John