Sara Ananth
Reputation: 33
Is there any fix/update for log4j vulnerability for Karate framework?
Is it safe to use log4j with karate latest version 1.1.0? Will the log4j vulnerabilities affect the framework? Is there any way to update log4j version to 2.17.0 in the mix?
Upvotes: 1
Views: 394
Answers (1)
Peter Thomas
Reputation: 58058
Karate does not use log4j and uses logback instead. Maybe you are using an old version, so you need to upgrade.
Note that even logback had a vulnerability so you should use Karate 1.2.0.RC2, please find details here: https://twitter.com/getkarate/status/1471710785051103233
Upvotes: 1
Related Questions
- Log4j vulnerability - Is Log4j 1.2.17 vulnerable (was unable to find any JNDI code in source)?
- Was slf4j affected with vulnerability issue in log4j
- Log4j 1: How to mitigate the vulnerability in Log4j without updating version to 2.15.0
- fix for log4j vulnerability (CVE-2021-44228) for Apache storm?
- Does Groovy have log4j vulnerability?
- What is the latest stable spring boot version in which log4j vulnerability is fixed?
- Given the recent log4j vulnerability, should I update jdk versions or should I manually update log4j?
- How do I fix the log4j vulnerability (Windows)?
- How to search for log4j vulnerability?
- Is log4j vulnerable? Sample code to test the vulnerability