Log4J Vulnerable fix - Play #12170
kbose-rkon
started this conversation in
Ideas
-
First of all, since you are using Scala 2.11 I guess you are using an outdated, unsupported Play Framework version. I highly recommend upgrading Play to the latest version with the help of our migration guides.

Further, you say you want to exclude "vulnerable log4j 1.2.17". Because you do

```scala
libraryDependencies ++= Seq(
  ...
  "org.apache.logging.log4j" % "log4j-api" % "2.17.2",
  "org.apache.logging.log4j" % "log4j-core" % "2.17.2",
  "org.apache.logging.log4j" % "log4j-slf4j-impl" % "2.17.2",
  ...
```

you don't really "exclude" log4j, but you upgrade it instead. What makes you think that this does not work? Like how do you know that you still have an older log4j version on the classpath? Did you check with
-
We are using an Sbt (0.13.11) based Play framework application (build_sbt.txt) with the configuration as mentioned in the attachment; we want to exclude dependencies related to vulnerable log4j 1.2.17.

As mentioned in the build file, we tried to specify the proper log4j 2.17, but it seems the default log4j 1.2.17 is not getting replaced with the new version of log4j.

Can you please help us with this?
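One way to answer the reply's question of whether an older log4j is still on the classpath is to inspect the packaged jars directly. This is an added example, not code from the thread or from Play: it identifies Log4j jars by the classes they contain and reports their Maven coordinates. The stub jars and their file names are constructed, and the assumption is that you point `scan_jars` at the directory holding your application's packaged jars.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Class files that identify each Log4j generation, whatever the jar is named.
MARKERS = {
    "log4j-1.x": "org/apache/log4j/Logger.class",
    "log4j-core-2.x": "org/apache/logging/log4j/core/Logger.class",
}
POM_PROPS = re.compile(r"META-INF/maven/[^/]+/[^/]*log4j[^/]*/pom\.properties$")

def maven_coords(zf):
    """Return groupId:artifactId:version from the jar's pom.properties, or None."""
    for name in zf.namelist():
        if POM_PROPS.search(name):
            text = zf.read(name).decode("utf-8", "replace")
            props = dict(l.split("=", 1) for l in text.splitlines() if "=" in l)
            return ":".join(props.get(k, "?").strip() for k in ("groupId", "artifactId", "version"))
    return None

def scan_jars(lib_dir):
    """Map jar file name -> (generation, coords) for each jar with Log4j classes."""
    found = {}
    for jar in sorted(Path(lib_dir).rglob("*.jar")):
        try:
            with zipfile.ZipFile(jar) as zf:
                names = set(zf.namelist())
                for generation, marker in MARKERS.items():
                    if marker in names:
                        found[jar.name] = (generation, maven_coords(zf))
        except zipfile.BadZipFile:
            continue  # unreadable archive: skip it, keep scanning
    return found

def build_sample_lib():
    """Constructed sample: stub jars that mimic a staged lib/, not real artifacts."""
    lib = Path(tempfile.mkdtemp())
    samples = [("log4j", "log4j", "1.2.17", MARKERS["log4j-1.x"]),
               ("org.apache.logging.log4j", "log4j-core", "2.17.2", MARKERS["log4j-core-2.x"])]
    for group, artifact, version, marker in samples:
        with zipfile.ZipFile(lib / f"{group}.{artifact}-{version}.jar", "w") as zf:
            zf.writestr(marker, b"")
            zf.writestr(f"META-INF/maven/{group}/{artifact}/pom.properties",
                        f"groupId={group}\nartifactId={artifact}\nversion={version}\n")
    return lib

if __name__ == "__main__":
    for name, (generation, coords) in scan_jars(build_sample_lib()).items():
        print(f"{name}: {generation} ({coords})")
```

The coordinates matter because compatibility jars reuse the `org.apache.log4j` package; only `log4j:log4j` is the original 1.x library.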