Kotlin for Forge

Kotlin for Forge

70M Downloads

Shadow plugin dependency should be updated to 7.1.1 for mitigating the log4j CVE

jrddunbr opened this issue ยท 1 comments

commented

Hello,

I noticed that you are not using the recently updated version of the Shadow plugin that is patched for the log4j CVE. It doesn't seem to impact the security of the mod jar itself, because you don't shadow in log4j into your jars (at least, not that I could see), but for completeness you may want to update to Shadow 7.1.1.

https://github.com/johnrengelman/shadow/releases/tag/7.1.1

I'd submit a PR if it was a simple version bump, but it looks like there are possibly breaking changes between shadow 6 and shadow 7, so I don't have the time right now to actually test that.

Fantastic mod, btw. Thanks for making it :)

commented

I updated it, thanks for pointing it out ๐Ÿ‘