"It is CVE-2021-44228 and affects version 2 of log4j between versions 2.0-beta-9 and 2.14.1. It is not present in version 1 of log4j and is patched in 2.15.0." It seems our log4j is old enough and is not affected .. Correct me if I am wrong. Better to upgrade it to 2.15.0 though.
On Sat, Dec 11, 2021 at 1:52 AM H W <[email protected]> wrote: > The current version in maven_install.json is 1.2. We need >2.15.0 if I > understand correctly > > On Sat, Dec 11, 2021 at 1:44 AM Ning Wang <[email protected]> wrote: > >> Are we using this library in Heron? We need to upgrade it ASAP if we do. >> >
