rollcage
rollcage copied to clipboard
Published
20 hours ago •
circleci
circleci
Does rollcage expose users to the log4shell exploit?
rollcage is currently using org.clojure/tools.logging 0.4.0 which depends on a version of log4j that is vulnerable to the log4shell exploit:
https://logging.apache.org/log4j/2.x/security.html
Does rollcage expose users to the log4shell exploit?
Upgrading to tools.logging 1.2.2 would result in loading the recommended log4j version 2.16.0
