Ha. As I write this ... someone seems to have brought this up. Please watch this or the discussion for updates.
On Mon, Dec 13, 2021 at 12:53 PM Aravind SV <[email protected]> wrote: > Hello, > > Just a quick note to say that there is a discussion happening around the > log4j vulnerability and GoCD here > <https://github.com/gocd/gocd/discussions/9931>. > > The current understanding is that GoCD (by itself) isn't vulnerable, since > it doesn't use log4j directly. There is a TFS dependency which uses log4j, > but it had been made to use log4j-over-slf4j and then logback from there -- > and so, *shouldn't* be vulnerable. > > If things change, and more information is found, it might be in that > discussion page instead of here. > > Cheers, > Aravind > -- You received this message because you are subscribed to the Google Groups "go-cd" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/CACxychGGmvAVqfY-T-oGg-ZB_9zzUB52oKSD7phz%2BWR%3DJ%2BPwpA%40mail.gmail.com.
