Sprint-boot 1.5.x with maven is affected por log4j vulnerability?

Juan Jose Silupú Maza Tue, 29 Mar 2022 14:00:52 -0700

I have a maven project with spring-boot 1.5.21.RELEASE.

Run the command: mvn dependency:tree | grep log4j
[INFO] |  |  |  \- org.slf4j:log4j-over-slf4j:jar:1.7.26:compile
[INFO] |  |  |  \- org.slf4j:log4j-over-slf4j:jar:1.7.26:compile
[INFO] |  |  |  \- org.slf4j:log4j-over-slf4j:jar:1.7.26:compile
[INFO] |  |  |  \- org.slf4j:log4j-over-slf4j:jar:1.7.26:compile



Also, my project has these dependencies:

Maven: org.slf4:jcl-over-slf4j:1.7.26

Maven: org.slf4:jul-to-slf4j:1.7.26

Maven: org.slf4:log4j-over-slf4j:1.7.26

Maven: org.slf4:slf4-api:1.7.26


So, is my project affected by the LOG4J vulnerability? How do I mitigate it?

Sprint-boot 1.5.x with maven is affected por log4j vulnerability?

Reply via email to