Hello Pranav,

No, I can't confirm that, because I haven't looked into any old versions. After 21.3.0 came out, it doesn't make sense to be on any older version, since anything less than 21.2.0 was directly vulnerable in a very bad way.
My *opinion* is that 20.6.0 is not vulnerable to this, since the log4j v1 to slf4j + logback change was done in 2016, as mentioned in the GitHub discussion: <https://github.com/gocd/gocd/discussions/9931>

Regards,
Aravind
