I see stash-java-client-core latest version uses log4j 1.X.
I am aware log4j 1.X is not vulnerable to the Zero Day vulnerability but still I prefer to upgrade to 2.17
Has anyone found how to this? Is there any work around to make sure log4j 1.X is not being used? I see it is a compile dependency which implies stash-java-client-core requires log4j to work.
Any answer would be really helpful. Thanks
Hi
I asked same question from support and i did get this answer:
I hope it will help You also.
With best
Urmo
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.