Log4j2 Vulnerability and SmallRye

8 views
Skip to first unread message

Roberto Cortez

unread,
Dec 14, 2021, 7:38:26 PM12/14/21
to smal...@googlegroups.com
Hi,

We just published a blog about the recent discovery of the Log4j2 Vulnerability and how it affects SmallRye (it doesn’t):

Aside for a couple of projects that have log4j2 as a test dependencies, SmallRye libraries do not include or use any log4j artifacts in their runtime dependencies. Even if SmallRye itself is not directly affected by this vulnerability, runtimes may be compromised. We advice to check and upgrade the log4j2 version.

Cheers,
Roberto
Reply all
Reply to author
Forward
0 new messages