Hello Piotr,
So the solution for `ch.qos.logback:logback-core` would be to add this
dependency:
ch.qos.logback
logback-core
1.2.11
El mié, 30 mar 2022 a la(s) 02:42, Piotr P. Karwasz (piotr.karw...@gmail.com)
escribió:
> Hello Juan,
>
> On Tue, 29 Mar 2022 at 23:00, Juan Jose S
Hello Juan,
On Tue, 29 Mar 2022 at 23:00, Juan Jose Silupú Maza
wrote:
> So, is my project affected by the LOG4J vulnerability? How do I mitigate it?
The Log4Shell vulnerability (CVE-2021-44228) concerned only the
`log4j-core` artifact developed by the Apache Logging Services
project. The `org.s
Nope, judging from the output you've shared, your project doesn't use Log4j
as a backend. `log4j-over-slf4j` simply forwards calls made to Log4j 1 API
to SLF4J.
On Tue, Mar 29, 2022 at 11:00 PM Juan Jose Silupú Maza <
juansilupum...@gmail.com> wrote:
> I have a maven project with spring-boot 1.5.
t; *De: *Juan Jose Silupu Maza
> *Enviado: *martes, 29 de marzo de 2022 11:59
> *Para: *log4j-user-subscr...@logging.apache.org
> *Asunto: *Sprint-boot 1.5.x with maven is affected por log4j
> vulnerability?
>
>
>
> I have a maven project with spring-boot.
>
>
>
I have a maven project with spring-boot 1.5.21.RELEASE.
Run the command: mvn dependency:tree | grep log4j
[INFO] | | | \- org.slf4j:log4j-over-slf4j:jar:1.7.26:compile
[INFO] | | | \- org.slf4j:log4j-over-slf4j:jar:1.7.26:compile
[INFO] | | | \- org.slf4j:log4j-over-slf4j:jar:1.7.26:compi
ging.apache.org>
Asunto: Sprint-boot 1.5.x with maven is affected por log4j vulnerability?
I have a maven project with spring-boot.
[cid:image003.png@01D84364.0BCA2F60]
Run the command mvnw dependency:list | grep log4j and I get this output:
[cid:image004.png@01D84364.5F5646F0]
Also, I did a sea