You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Blaze isn't vulnerable to CVE-2021-44228 because it doesn't use or depend on log4j.
Although Blaze is written in Clojure, it still runs on the JVM and uses many libraries from the Java ecosystem. The primary logging library Blaze uses is timbre, a pure Clojure logging library. The Java libraries, Blaze uses, all use the slf4j logging api. That libraries are org.apache.kafka/kafka-clients:3.0.0 and com.datastax.oss/java-driver-core:4.13.0. However the logging of that libraries is disabled by depending on org.slf4j/slf4j-nop at top-level.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Blaze isn't vulnerable to CVE-2021-44228 because it doesn't use or depend on log4j.
Although Blaze is written in Clojure, it still runs on the JVM and uses many libraries from the Java ecosystem. The primary logging library Blaze uses is timbre, a pure Clojure logging library. The Java libraries, Blaze uses, all use the slf4j logging api. That libraries are
org.apache.kafka/kafka-clients:3.0.0
andcom.datastax.oss/java-driver-core:4.13.0
. However the logging of that libraries is disabled by depending onorg.slf4j/slf4j-nop
at top-level.Beta Was this translation helpful? Give feedback.
All reactions