The Apache POI team is pleased to announce the release of 5.1.0. Version (currently v2.17.0) - including log4j-api. We strongly recommend that they upgrade all their log4j dependencies to the latest If any POI or XMLBeans user uses log4j-core to control their logging of their application, The security vulnerabilities are not in log4j-api - they are in log4j-core. POI 5.1.0 and XMLBeans 5.0.2 (the latest releases of both) have only dependencies on log4j-api 2.14.1. The Apache POI PMC has evaluated the security vulnerabilities reported
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |