Is The Grails 3.3.2 Dependency On Tomcat-embed-logging-log4j-8.5.2.jar An Issue Due To Recent Log4j Vulnerabilities?
I have 5 grails servers built on 3.3.2 and they all have this dependency:
+--- org.grails:grails-plugin-rest: -> 3.3.2 | +--- org.grails:grails-plugin-datasource:3.3.2 | | \--- org.apache.tomcat.embed:tomcat-embed-logging-log4j:8.5.2
Is the Grails 3.3.2 dependency on tomcat-embed-logging-log4j-8.5.2.jar an issue due to recent log4j vulnerabilities?
No. Your app could still have a dependency on something that brings the vulnerability in, but
tomcat-embed-logging-log4j-8.5.2.jar does not.
- → CORS header 'Access-Control-Allow-Origin' missing only in browser/jquery but OK with curl
- → Server-side rendering of Java, ReactJs code on a web browser
- → MySQL JDBC driver not found in Tomcat 7 on Ubuntu 14.04 LTS
- → ambiguous mapping while deploying
- → Programmatically get Tomcat8 HTTP Connector's maxPostSize in a JSP
- → Element type "Resource" must be followed by either attribute specifications, ">" or "/>"
- → Caching lookups on application startup doesn't work
- → getting too many follow-up request as response of request
- → Apache Tomcat configuration: Access not authorized
- → Tomcat: One or more listeners failed to start
- → How to keep running a program on Linux through SSH connection?
- → Eclipse closed automatically