[bisq-network/bisq] Upgrade log4j 2.15.0 => 2.17.0 (PR #5928)
cbeams
notifications at github.com
Mon Dec 20 07:39:27 CET 2021
This change upgrades log4j to patch fixes for recently documented
CVE-2021-45046 CVE-2021-45105 vulnerabilities related to the Log4Shell
exploit.
Like the earlier fix, Bisq does not appear to be vulnerable to these
exploits because it does not use log4j directly, only transitively
depends on it. Nevertheless, the upgrade is still the safe bet.
You can view, comment on, or merge this pull request online at:
https://github.com/bisq-network/bisq/pull/5928
-- Commit Summary --
* Upgrade log4j 2.15.0 => 2.17.0
-- File Changes --
M build.gradle (2)
M gradle/verification-metadata.xml (26)
-- Patch Links --
https://github.com/bisq-network/bisq/pull/5928.patch
https://github.com/bisq-network/bisq/pull/5928.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/pull/5928
You are receiving this because you are subscribed to this thread.
Message ID: <bisq-network/bisq/pull/5928 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20211219/aa9329e0/attachment-0001.htm>
More information about the bisq-github
mailing list