On Thu, Dec 16, 2021 at 10:18 PM Enrico Olivelli <eolive...@gmail.com> wrote: > > +1 > > Especially if we have to deliver the upgrade of log4j2
BK 4.14 is including log4j 1.2.x, which has other vulnerabilities, though not the log4shell one.
On Thu, Dec 16, 2021 at 10:18 PM Enrico Olivelli <eolive...@gmail.com> wrote: > > +1 > > Especially if we have to deliver the upgrade of log4j2
BK 4.14 is including log4j 1.2.x, which has other vulnerabilities, though not the log4shell one.