We in our project use spymemcached.2.11.1.jar which uses Log4J 1.2.16 <https://mvnrepository.com/artifact/log4j/log4j/1.2.16>
There is a security vulnerability observed in Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialised, can execute arbitrary code. How do I apply the Log4J security patch ( https://www.cvedetails.com/cve/CVE-2017-5645/) on memcached jars? Would memcached do it or should i update the pom.xml in memcached jar myself? Regards, Deepthi -- --- You received this message because you are subscribed to the Google Groups "memcached" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
