You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Bug description
The latest Winfoom release contains dependencies that make Winfoom probably vulnerable against log4Shell/CVE-2021-44228.
As you can see in the Logback news, Logback provided a security fix along version 1.2.9, but Winfoom uses version 1.2.5.
Log4j-API 2.14.1 is also vulnerable against log4Shell, see Apache Log4j Security Vulnerabilities for more details. I recommend to use Log4j-API 2.17.2 .
Current dependencies found in Windfoom 4.0.1:
The text was updated successfully, but these errors were encountered:
Bug description
The latest Winfoom release contains dependencies that make Winfoom probably vulnerable against
log4Shell/CVE-2021-44228.
As you can see in the Logback news, Logback provided a security fix along version 1.2.9, but Winfoom uses version 1.2.5.
![log4shell](https://user-images.githubusercontent.com/1725648/159009287-315c2847-0779-4d8c-9bd6-4e4fb0288210.jpg)
Log4j-API 2.14.1 is also vulnerable against log4Shell, see Apache Log4j Security Vulnerabilities for more details. I recommend to use Log4j-API 2.17.2 .
Current dependencies found in Windfoom 4.0.1:
![winfoom](https://user-images.githubusercontent.com/1725648/159009291-4258e45c-bd33-4210-a9da-05594e8b9a28.jpg)
The text was updated successfully, but these errors were encountered: