I have a maven project with spring-boot 1.5.21.RELEASE. Run the command: mvn dependency:tree | grep log4j [INFO] | | | \- org.slf4j:log4j-over-slf4j:jar:1.7.26:compile [INFO] | | | \- org.slf4j:log4j-over-slf4j:jar:1.7.26:compile [INFO] | | | \- org.slf4j:log4j-over-slf4j:jar:1.7.26:compile [INFO] | | | \- org.slf4j:log4j-over-slf4j:jar:1.7.26:compile
Also, my project has these dependencies: Maven: org.slf4:jcl-over-slf4j:1.7.26 Maven: org.slf4:jul-to-slf4j:1.7.26 Maven: org.slf4:log4j-over-slf4j:1.7.26 Maven: org.slf4:slf4-api:1.7.26 So, is my project affected by the LOG4J vulnerability? How do I mitigate it?