Home > Software design >  Is the Grails 3.3.2 dependency on tomcat-embed-logging-log4j-8.5.2.jar an issue due to recent log4j
Is the Grails 3.3.2 dependency on tomcat-embed-logging-log4j-8.5.2.jar an issue due to recent log4j

Time:02-11

I have 5 grails servers built on 3.3.2 and they all have this dependency:

 --- org.grails:grails-plugin-rest: -> 3.3.2
|     --- org.grails:grails-plugin-datasource:3.3.2
|    |    \--- org.apache.tomcat.embed:tomcat-embed-logging-log4j:8.5.2

CodePudding user response:

Is the Grails 3.3.2 dependency on tomcat-embed-logging-log4j-8.5.2.jar an issue due to recent log4j vulnerabilities?

No. Your app could still have a dependency on something that brings the vulnerability in, but tomcat-embed-logging-log4j-8.5.2.jar does not.

  • Related