Hi All,
As you probably all know there is vulnarability CVE-2021-44228 found in
log4j.The newest Geotools lib (version 26.1) contains an older not supported
version of log4j.jar (log4j-1.2.12.jar)
According http://slf4j.org/log4shell.htmlthis old version is not affected by
the vulnerability but it is strongly advised to migrate to a newer version.
I have 2 questions:- Will this log4j.jar file be replaced shortly?- In my
Geotools deployment I removed log4j-1.2.12.jar and only use
log4j-over-slf4j-1.6.4.jar, slf4j-simple-1.7.12.jar and
slf4j-api-1.7.12.jarDoes this mean I do not use log4j at all?
Thanks for your help,
Ron
_______________________________________________
GeoTools-GT2-Users mailing list
GeoTools-GT2-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geotools-gt2-users
