We are still getting those vulnerabilities related to log4j in our As server by our vulnerability scanner (we are running As 3.2.0). The scanner found these files:
gems/gems/ladle-0.2.0-java/lib/ladle/apacheds/log4j-1.2.14.jar gems/gems/mizuno-0.6.11/lib/java/log4j-1.2.17.jar I understand from earlier threads about this that these are for testing and not in use by the AS application. Is this true, and if so, can we simply remove the gems/gems/ladle-0.2.0-java/lib/ladle and mizuno-0.6.11 folders? Will it affect AS in any way? Thanks --- Bin Zhang (he/him/his) Systems and Technology Librarian Library Systems & IT Services, University Library California State University, Sacramento [email protected]<mailto:[email protected]> | +1 (916) 278-5664 Zoom: https://csus.zoom.us/my/bzhang
_______________________________________________ Archivesspace_Users_Group mailing list [email protected] http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group
