[slf4j-dev] [JIRA] Updates for SLF4J-494: slf4j introduces the log4j version of 1.2.17. There is a security vulnerability. The security vulnerability CVE numbers are CVE-2019-17571 and CVE-2020-9488. Please fix it.
QOS.CH (JIRA)
noreply-jira at qos.ch
Wed Dec 2 10:58:00 CET 2020
SLF4J / SLF4J-494 [Open]
slf4j introduces the log4j version of 1.2.17. There is a security vulnerability. The security vulnerability CVE numbers are CVE-2019-17571 and CVE-2020-9488. Please fix it.
==============================
Here's what changed in this issue in the last few minutes.
There is 1 comment.
View or comment on issue using this link
https://jira.qos.ch/browse/SLF4J-494
==============================
1 comment
------------------------------
Rade Martinović on 02/Dec/20 10:53 AM
log4j:log4j:1.2.17 is the latest version released in 2012. I guess log4j 1 should be deprecated in favor of log4j 2. I hope no one is using log4j 1 anymore.
==============================
This message was sent by Atlassian Jira (v8.8.0#808000-sha1:e2c7e59)
More information about the slf4j-dev
mailing list