You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Log4j version update to 2.15.0 and above due to recent vulnerability.
On December 9, 2021, a very serious vulnerability in the popular Java-based logging package Log4j was widely disclosed. This vulnerability allows an attacker to execute code on a remote server.
Version info (please complete the following information):
Lombok version 1.18.20
Platform (java 8)
Additional context Please help us with updated version of Lombok having Log4j version 2.15.0 and above with formatMsgNoLookups=true
Or Kindly help us with the command to update the Log4j version inside Lombok dependencies.
Describe the bug
Log4j version update to 2.15.0 and above due to recent vulnerability.
On December 9, 2021, a very serious vulnerability in the popular Java-based logging package Log4j was widely disclosed. This vulnerability allows an attacker to execute code on a remote server.
To Reproduce
Please follow below steps:
https://blog.cloudflare.com/how-cloudflare-security-responded-to-log4j2-vulnerability/
Expected behavior
This vulnerability allows an attacker to execute code on a remote server:
https://www.randori.com/blog/cve-2021-44228/
Version info (please complete the following information):
Additional context
Please help us with updated version of Lombok having Log4j version 2.15.0 and above with formatMsgNoLookups=true
Or Kindly help us with the command to update the Log4j version inside Lombok dependencies.
@abimarank @stephenh @wesley Workman
The text was updated successfully, but these errors were encountered: