Juan Jose Silupú Maza
> wrote:
> > So, is my project affected by the LOG4J vulnerability? How do I mitigate
> it?
>
> The Log4Shell vulnerability (CVE-2021-44228) concerned only the
> `log4j-core` artifact developed by the Apache Logging Services
> project. The `org.slf4
Hello Juan,
On Tue, 29 Mar 2022 at 23:00, Juan Jose Silupú Maza
wrote:
> So, is my project affected by the LOG4J vulnerability? How do I mitigate it?
The Log4Shell vulnerability (CVE-2021-44228) concerned only the
`log4j-core` artifact developed by the Apache Logging Services
project.
r-slf4j:jar:1.7.26:compile
> [INFO] | | | \- org.slf4j:log4j-over-slf4j:jar:1.7.26:compile
>
>
> Also, my project has these dependencies:
>
> Maven: org.slf4:jcl-over-slf4j:1.7.26
>
> Maven: org.slf4:jul-to-slf4j:1.7.26
>
> Maven: org.slf4:log4j-over-slf4j:1.7.26
>
> Maven:
t; *De: *Juan Jose Silupu Maza
> *Enviado: *martes, 29 de marzo de 2022 11:59
> *Para: *log4j-user-subscr...@logging.apache.org
> *Asunto: *Sprint-boot 1.5.x with maven is affected por log4j
> vulnerability?
>
>
>
> I have a maven project with spring-boot.
>
>
>
LOG4J vulnerability? How do I mitigate it?
ging.apache.org>
Asunto: Sprint-boot 1.5.x with maven is affected por log4j vulnerability?
I have a maven project with spring-boot.
[cid:image003.png@01D84364.0BCA2F60]
Run the command mvnw dependency:list | grep log4j and I get this output:
[cid:image004.png@01D84364.5F5646F0]
Also, I did a sea
Hi,
I have a web application which I use *Apache Tomcat* as the web container.
Also, I was using the* log4j framework* with version "*1.2.8*" to keep
logs. When I learned that log4j was *vulnerable*, I tried to uninstall it.
Because I want to make sure it's not vulnerable before using it again.
I
