Grails 3.3.2 对 tomcat-embed-logging-log4j-8.5.2.jar 的依赖是否是由于最近的 log4j 漏洞导致的问题?
Is the Grails 3.3.2 dependency on tomcat-embed-logging-log4j-8.5.2.jar an issue due to recent log4j vulnerabilities?
我有 5 个基于 3.3.2 构建的 grails 服务器,它们都具有以下依赖项:
+--- org.grails:grails-plugin-rest: -> 3.3.2
| +--- org.grails:grails-plugin-datasource:3.3.2
| | \--- org.apache.tomcat.embed:tomcat-embed-logging-log4j:8.5.2
Is the Grails 3.3.2 dependency on tomcat-embed-logging-log4j-8.5.2.jar
an issue due to recent log4j vulnerabilities?
没有。您的应用可能仍然依赖于某些会带来漏洞的东西,但 tomcat-embed-logging-log4j-8.5.2.jar 不会。
我有 5 个基于 3.3.2 构建的 grails 服务器,它们都具有以下依赖项:
+--- org.grails:grails-plugin-rest: -> 3.3.2
| +--- org.grails:grails-plugin-datasource:3.3.2
| | \--- org.apache.tomcat.embed:tomcat-embed-logging-log4j:8.5.2
Is the Grails 3.3.2 dependency on tomcat-embed-logging-log4j-8.5.2.jar an issue due to recent log4j vulnerabilities?
没有。您的应用可能仍然依赖于某些会带来漏洞的东西,但 tomcat-embed-logging-log4j-8.5.2.jar 不会。