Log4j module usage
astra-OCE opened this issue · 3 comments
Type of bug
Exploit
/ess dump all output
N/A
Error log (if applicable)
N/A
Bug description
compileOnly 'org.apache.logging.log4j:log4j-core:2.0-beta9' - contains an active vulnerability with log4j 2.x, seen only within the discord module.
?push to compileOnly: 'org.apache.logging.log4j:log4j-core:2.15.0'
Steps to reproduce
N/A
Expected behaviour
N/A
Actual behaviour
N/A
Essentials doesn't compile log4j, just uses its API. I will bump the log4j version, however, as most server versions have bumped it as well.
Resolved in #4677.