iot-device-java引用了log4j,帮忙升级下咯 #11
Comments
|
在处理中 |
|
@zhuCheer 你们需要升级 log4j 的原因是什么呢?因为 log4j 的漏洞,还是接口不匹配? |
|
log4j 有 CVE 漏洞,com.tencent.iot.hub.device.java.utils.Loggor 直接用的 log4j,可以改为同时适配 logback 和 log4j 吗 |
|
已升级log4j版本,可使用3.3.10版本。 |
|
https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j/2.17.2 而且还是存在有漏洞的 log4j 1.2.17 版本依赖 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
iot-device-java引用了log4j,帮忙升级下咯
The text was updated successfully, but these errors were encountered: