Friday 22 December 2023

How to stop the automatic download of log4j-1.2.12 in a Selenium, TestNG, Maven project?

When you create a new Maven project in Eclipse and update it, you will likely see an automatic download of the log4j 1.2.12 jar, which is vulnerable.
One possible reason I came across is the Java 1.5 dependencies added when a new Maven project is created: if you update the project or wait for the POM to download all of its dependencies, the project downloads this jar automatically, which may lead to security concerns.

The solution that worked for me was to update the execution environment in the Maven project, i.e., to Java 11.


Having a 1.x version of log4j is a serious security concern in modern cloud or on-premises solutions.


Update the execution environment from 1.5 to 1.8, 9, 10, 11, or a higher version.
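
To confirm the change took effect, the following added example (not part of the original post) parses the text output of `mvn dependency:tree` and reports the dependency chain that pulls in `log4j:log4j` 1.x. The sample tree and the `com.example` coordinates are constructed for illustration.

```python
import re

# Constructed sample of `mvn dependency:tree` output (not taken from the post).
# The com.example:* artifacts are hypothetical dependencies that drag in log4j 1.x.
SAMPLE_TREE = r"""
[INFO] com.example:demo-tests:jar:0.0.1-SNAPSHOT
[INFO] +- org.seleniumhq.selenium:selenium-java:jar:4.16.1:compile
[INFO] +- com.example:legacy-lib:jar:1.0:compile
[INFO] |  \- com.example:legacy-logging:jar:1.0:compile
[INFO] |     \- log4j:log4j:jar:1.2.12:compile
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.22.0:compile
[INFO] \- org.testng:testng:jar:7.8.0:test
"""

# Each nesting level is a 3-character prefix: "+- ", "\- ", "|  " or "   ".
# Coordinates are group:artifact:type[:classifier]:version[:scope].
LINE = re.compile(r"^\[INFO\] ((?:[|+\\ ][- ] )*)([\w.\-]+(?::[\w.\-]+){3,5})$")


def find_log4j1(tree_text):
    """Return one chain (root -> ... -> log4j 1.x) for every log4j:log4j 1.x node."""
    stack, findings = [], []
    for line in tree_text.splitlines():
        m = LINE.match(line.rstrip())
        if not m:
            continue  # skip banners, blank lines and other Maven log output
        depth = len(m.group(1)) // 3
        coord = m.group(2)
        del stack[depth:]          # drop siblings and deeper nodes
        stack.append(coord)
        parts = coord.split(":")
        # With a scope present the version is second to last; the root has none.
        version = parts[-2] if len(parts) >= 5 else parts[-1]
        # log4j 2.x lives under org.apache.logging.log4j, so it is not matched.
        if parts[:2] == ["log4j", "log4j"] and version.startswith("1."):
            findings.append(list(stack))
    return findings


if __name__ == "__main__":
    for chain in find_log4j1(SAMPLE_TREE):
        print(" -> ".join(chain))
```

An empty result on your own project's tree means no log4j 1.x jar is being resolved; a non-empty one names the dependency to exclude or upgrade.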



