[
https://issues.apache.org/jira/browse/ARTEMIS-3806?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17538684#comment-17538684
]
Domenico Francesco Bruscino commented on ARTEMIS-3806:
------------------------------------------------------
[~dlenoch] reported on ARTEMIS-3839 that the org.jboss.logging:jboss-logging
3.4.3 artifact depends on old version of log4j with known vulnerabilities.
These vulnerabilities do not apply to jboss-logging, log4j is only used there
for facades, but the scan reports false positive vulnerabilities due to this.
> Upgrade logging dependencies
> ----------------------------
>
> Key: ARTEMIS-3806
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3806
> Project: ActiveMQ Artemis
> Issue Type: Dependency upgrade
> Reporter: Justin Bertram
> Assignee: Justin Bertram
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
