[#3063] Whilst lombok is not vulnerable to Log4Shell, we do have the dependency on log4j, solely for testing purposes, and no user input is ever logged with it. Nevertheless, pushing the dep to 2.16 to avoid false positives from vulnerability scanners ruining the day. - github/lombok.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Reinier Zwitserloot <r.zwitserloot@projectlombok.org>	2021-12-16 21:21:38 +0100
committer	Reinier Zwitserloot <r.zwitserloot@projectlombok.org>	2021-12-16 21:35:37 +0100
commit	c10b47a5d12b94570067c4b412c3018630300e7f (patch)
tree	46384d1435cf3800df38067fadf80a903d1a83db /SECURITY.md
parent	35430a2e6baf526aecd9d86804eabeb9dd182545 (diff)
download	lombok-c10b47a5d12b94570067c4b412c3018630300e7f.tar.gz lombok-c10b47a5d12b94570067c4b412c3018630300e7f.tar.bz2 lombok-c10b47a5d12b94570067c4b412c3018630300e7f.zip

[#3063] Whilst lombok is not vulnerable to Log4Shell, we do have the dependency on log4j, solely for testing purposes, and no user input is ever logged with it. Nevertheless, pushing the dep to 2.16 to avoid false positives from vulnerability scanners ruining the day.

Diffstat (limited to 'SECURITY.md')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: