Hello Aleks
Thank you for the clarification
On Sat, Dec 11, 2021, 10:17 AM Aleksandar Vidakovic <
[email protected]> wrote:
> Hi,
>
> ... we are using SLF4J to abstract all the different logging frameworks
> (Commons Logging, Log4J etc.). Under the hood logging in Fineract is done
> by Logback and not Log4j. The only Log4j dependencies we have are those
> that "redirect" the logging to Logback.
>
> Here's also a vulnerability report for that specific dependency
> ("org.apache.logging.log4j:log4j-to-slf4j"):
>
> https://snyk.io/vuln/maven:org.apache.logging.log4j:log4j-to-slf4j
>
> FYI
>
> Cheers,
>
> Aleks
>
> On Sat, Dec 11, 2021 at 2:10 AM AirsayLongCon <[email protected]>
> wrote:
>
>> Hello community,
>> Are we are of the RCE reportedly affecting log4j
>>
>> If your organization uses the log4j library, you should upgrade
>> to log4j-2.1.50.rc2 immediately.
>>
>>
>> https://www.huntress.com/blog/rapid-response-critical-rce-vulnerability-is-affecting-java
>>
>
