Juicebox icon indicating copy to clipboard operation
Juicebox copied to clipboard
verified publisher icon aidenlab

released jars susceptible to log4j vulnerability

Open annashch-insitro opened this issue 3 years ago • 0 comments

Dear Aiden lab,

Thank you for this great tool. Looks like the latest released jar files are susceptible to log4j vulnerability (https://www.kb.cert.org/vuls/id/930724), would it be possible to generate release with log4j upgraded to 2.17.1 to mitigate the issue?

If anyone else encountering this, a temp workaround is:

zip -d path/to/juicer_tools.jar org/apache/log4j/net/JMSAppender.class

Many thanks!

annashch-insitro avatar Feb 08 '22 17:02 annashch-insitro