Skip to content

1.9.1 - upgrade log4j api & logback

Compare
Choose a tag to compare
@DaspawnW DaspawnW released this 15 Dec 11:24
· 39 commits to master since this release
6d0c019

Upgrade for security reasons log4j & logback.

  • As only log4j api is used it's not affected by the log4shell. Various scanners (e.g. trivy) still mark log4j-api as vulnerabile even it it's not the case.
  • logback has also a vulnerability which not affects vault-crd as scan=true must be set but to be also safe upgrade for it.