Hello, Just a quick note to say that there is a discussion happening around the log4j vulnerability and GoCD here <https://github.com/gocd/gocd/discussions/9931>.
The current understanding is that GoCD (by itself) isn't vulnerable, since it doesn't use log4j directly. There is a TFS dependency which uses log4j, but it had been made to use log4j-over-slf4j and then logback from there -- and so, *shouldn't* be vulnerable. If things change, and more information is found, it might be in that discussion page instead of here. Cheers, Aravind -- You received this message because you are subscribed to the Google Groups "go-cd" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/CACxychGaJ3RD2kOJzWqN-h5nSS0XvwiXsL_VGAd%3DqanPC3rdgw%40mail.gmail.com.
