spring-statemachine icon indicating copy to clipboard operation
spring-statemachine copied to clipboard

Published 20 hours ago verified publisher icon spring-projects

Look log4j dep version

Open jvalkeal opened this issue 3 years ago • 1 comments

While doing gradle build update:

Errors occurred while build effective model from /home/jvalkealahti/.gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.16/88efb1b8d3d993fe339e9e2b201c75eed57d4c65/log4j-1.2.16.pom:
    'build.plugins.plugin[io.spring.gradle.dependencymanagement.org.apache.maven.plugins:maven-antrun-plugin].dependencies.dependency.scope' for junit:junit:jar must be one of [compile, runtime, system] but is 'test'. in log4j:log4j:1.2.16

We have defined log4j as 1.2.17 which removes that error/warning. Look if we can do without defining version.

jvalkeal avatar Jul 11 '21 15:07 jvalkeal

Any chance our current log4j asset is compromised by the recent vulnerabilities exposed in the end of 2021?

Daanielvb avatar Jan 18 '22 14:01 Daanielvb