Hello everyone, I have noticed that axis2 depends on log4j version 1 and spring framework 2.5.1. These have significant CVEs. Are there any plans for axis2 to move off these vulnerable components please?
log4j-v1
Apache Axis2 - Transport - testkit
Apache Axis2 - tool - WSDL2Code Maven Plugin
spring-core-2.5.1
Apache Axis2 - spring
--
Regards,
Andrew Marlow
http://www.andrewpetermarlow.co.uk
