I see stash-java-client-core latest version uses log4j 1.X.
I am aware log4j 1.X is not vulnerable to the Zero Day vulnerability but still I prefer to upgrade to 2.17
Has anyone found how to this? Is there any work around to make sure log4j 1.X is not being used? I see it is a compile dependency which implies stash-java-client-core requires log4j to work.
Any answer would be really helpful. Thanks
I asked same question from support and i did get this answer:
I hope it will help You also.
Hi everyone, Are you Bitbucket DC customer? If so, we'd love to talk to you! Our team wants to dive deep to understand your long-term plans regarding Bitbucket DC and Atlassian Cloud. Do you plan...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events