Hi, You have to exclude log4j* from WEB-INF/lib form overlay plugin and add correct version as dependency( use 2.16.0 instead, a new CVE appeared on Tuesday) Regards,
Le mar. 14 déc. 2021 à 17:02, apereo_cas_user <[email protected]> a écrit : > We use cas 6.1.7 overlay template [still in pre-prod] for delegated > authentication. > As a temp solution we replaced log4j 2.12.1 with 2.15.0 manually and > bounced tomcat. > Is there a way we can exclude 2.12.1 from the build . [I can pull in > 2.15.0 by adding in build.gradle but conflict with 2.12.1]. We have issues > when upgrading to 6.3.7.2 > > Thanks > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/affbd618-e1e6-427f-b333-e00ca54bf1aen%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/affbd618-e1e6-427f-b333-e00ca54bf1aen%40apereo.org?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAJtMnTFH2iCfbQQMe31WtoJtCgatasTAw4TCZWBUx8tZLirSXg%40mail.gmail.com.
