Release Notes / Version 11.2304
Table Of ContentsThird-Party Update: log4j-to-slf4j
The Log4J library
log4j-to-slf4j
has been updated to version 2.17.1.
Note that recent security vulnerabilities for Log4J like CVE-2021-44228 ("Log4Shell"), CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 do not affect the usage of the Log4J adapter library
log4j-to-slf4j
that is used in CMCC to forward logging via SLF4J to Logback.
(CMS-20645)