Hi,
... we are using SLF4J to abstract all the different logging frameworks
(Commons Logging, Log4J etc.). Under the hood logging in Fineract is done
by Logback and not Log4j. The only Log4j dependencies we have are those
that "redirect" the logging to Logback.
Here's also a vulnerability report for that specific dependency
("org.apache.logging.log4j:log4j-to-slf4j"):
https://snyk.io/vuln/maven:org.apache.logging.log4j:log4j-to-slf4j
FYI
Cheers,
Aleks
On Sat, Dec 11, 2021 at 2:10 AM AirsayLongCon <[email protected]>
wrote:
> Hello community,
> Are we are of the RCE reportedly affecting log4j
>
> If your organization uses the log4j library, you should upgrade
> to log4j-2.1.50.rc2 immediately.
>
>
> https://www.huntress.com/blog/rapid-response-critical-rce-vulnerability-is-affecting-java
>
