sofa-boot icon indicating copy to clipboard operation
sofa-boot copied to clipboard

Published 20 hours ago verified publisher icon sofastack

fix(sec): upgrade org.apache.logging.log4j:log4j-core to 2.17.1

Open CN-You opened this issue 2 years ago • 1 comments

What happened?

There are 6 security vulnerabilities found in org.apache.logging.log4j:log4j-core 2.8

What did I do?

Upgrade org.apache.logging.log4j:log4j-core from 2.8 to 2.17.1 for vulnerability fix

What did you expect to happen?

Ideally, no insecure libs should be used.

The specification of the pull request

PR Specification from OSCS

CN-You avatar Oct 13 '22 10:10 CN-You

Hi @CN-You, welcome to SOFAStack community, Please sign Contributor License Agreement!

After you signed CLA, we will automatically sync the status of this pull request in 3 minutes.

sofastack-bot[bot] avatar Oct 13 '22 10:10 sofastack-bot[bot]