serverless/lib/plugins/create/templates/aws-kotlin-jvm-gradle/build.gradle, because this file has log4j 2.13 version
Are you certain it’s a bug?
- Yes, it looks like a bug
Is the issue caused by a plugin?
- It is not a plugin issue
Are you using the latest version?
- Yes, I’m using the latest version
Is there an existing issue for this?
- I have searched existing issues, it hasn’t been reported yet
Issue description
Hello, good morning, I want to know if you are going to update the version of log4j in the following plugin: plugins/create/templates/aws-kotlin-jvm-gradle/build.gradle, because this file has log4j 2.13 versions:
'org.apache.logging.log4j:log4j-api:2.13.3', 'org.apache.logging.log4j:log4j-core:2.13.3',
Thank you.
Service configuration (serverless.yml) content
N/A
Command name and used flags
N/A
Command output
N/A
Environment information
2.69.1
Issue Analytics
- State:
- Created 2 years ago
- Reactions:2
- Comments:15 (15 by maintainers)
@pgrzesik No problem, I have reverted the aws library change. There should be no overlap now.
@JuanBermudezN I believe it does not include any breaking changes and we should upgrade it in the templates to 2.16.0 at least - PRs are welcome to address that for all our existing templates. Additionally, as @MarinaMeza pointed out, we should also update aws-lambda-java-log4j2 to 1.4.0 which is now the recommended version by AWS:
PRs for that change would also be very welcome 🙇
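
A check for the template upgrade requested in the comment above, as an added example that is not part of the original issue or the Serverless code base: it scans build.gradle text for `org.apache.logging.log4j` coordinates and flags any below 2.16.0. The sample build file is constructed, and the names `scan`, `parse_version` and `MIN_LOG4J` are hypothetical.

```python
import re

# Minimum version from the maintainer comment ("2.16.0 at least").
MIN_LOG4J = (2, 16, 0)

# Gradle string-notation coordinates, single or double quoted, e.g.
# 'org.apache.logging.log4j:log4j-core:2.13.3'
COORD = re.compile(
    r"""['"]org\.apache\.logging\.log4j:(log4j-[\w-]+):([^'"\s]+)['"]"""
)

# Constructed sample input (not the real template file).
SAMPLE = """\
dependencies {
    implementation (
        'org.apache.logging.log4j:log4j-api:2.13.3',
        'org.apache.logging.log4j:log4j-core:2.13.3',
    )
    // 'org.apache.logging.log4j:log4j-core:2.9.0' (commented out)
    runtimeOnly "org.apache.logging.log4j:log4j-slf4j-impl:$log4jVersion"
    testImplementation 'org.apache.logging.log4j:log4j-jul:2.17.1'
}
"""

def parse_version(text):
    """Return (major, minor, patch) for a literal version, else None.

    Variables ($log4jVersion), dynamic ranges (2.+) and pre-release
    suffixes are not literal and must be resolved by a human or by Gradle.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def scan(gradle_text, minimum=MIN_LOG4J):
    """Return (line_no, artifact, raw_version, status) for each coordinate."""
    findings = []
    for line_no, line in enumerate(gradle_text.splitlines(), start=1):
        code = line.split("//", 1)[0]  # ignore trailing and full-line comments
        for artifact, raw in COORD.findall(code):
            version = parse_version(raw)
            if version is None:
                status = "unresolved"
            elif version < minimum:
                status = "outdated"
            else:
                status = "ok"
            findings.append((line_no, artifact, raw, status))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print("line %d: %s %s -> %s" % finding)
```

Entries reported as `unresolved` need the effective version checked in the resolved dependency tree, since the literal text of the build file does not determine it.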