Home Sign Up Sign In
ciki
V2EX  ›  Java

druid 依赖 log4j 1.x,会受到漏洞影响吗?

  •   
  •   ciki · Dec 16, 2021 · 3383 views
    This topic created in 1619 days ago, the information mentioned may be changed or developed.

    不知道为啥 druid 到现在还依赖这个,也不能去掉,有影响吗?

  • Druid
  • log4j
  • 依赖
  • 去掉
    4 replies    2021-12-16 14:15:58 +08:00
    2i2Re2PLMaDnghL
        1
    2i2Re2PLMaDnghL  
       Dec 16, 2021
    1.x 不会受 44228 影响

    via <https://logging.apache.org/log4j/2.x/security.html>
    > Versions Affected: all versions from 2.0-beta9 through 2.12.1 and 2.13.0 through 2.14.1
    Finest
        2
    Finest  
       Dec 16, 2021
    是阿里的连接池 druid ,还是大数据的 druid
    ciki
        3
    ciki  
    OP
       Dec 16, 2021
    @hand515 阿里
    ciki
        4
    ciki  
    OP
       Dec 16, 2021
    @2i2Re2PLMaDnghL 原来如此
    About   ·   Help   ·   Advertise   ·   Blog   ·   API   ·   FAQ   ·   Solana   ·   977 Online   Highest 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 58ms · UTC 23:03 · PVG 07:03 · LAX 16:03 · JFK 19:03
    ♥ Do have faith in what you're doing.