On Mon, Dec 13, 2021 at 10:45 AM David Ecker <da...@ecker-software.de> wrote: > > Hi, > > since it looks like camel/camel-k is directly affected by the > vulnerability; Is a patch or a workaround for camel-k already available? >
Where do you think that? camel-k runs on quarkus that is not affected. Camel is a library that do not use log4j - we use slf4j-api as logging abstraction. the builder pod for camel-k is using apache maven, which uses the simpler logging from slf4j. not sure where you think log4j-core is active in use in camel-k. A blot post is in draft at https://github.com/apache/camel-website/pull/714 > Thanks, > David -- Claus Ibsen ----------------- http://davsclaus.com @davsclaus Camel in Action 2: https://www.manning.com/ibsen2
