In our project we use spymemcached.2.11.1.jar which uses Log4J 1.2.16
There is a security vulnerability observed in Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialised, can execute arbitrary code.
How do I apply the Log4J security patch (
https://www.cvedetails.com/cve/CVE-2017-5645/) on memcached jars? Would memcached do it or should i update the pom.xml in memcached jar myself?
Regards,
Deepthi