by socksy 293 days ago
Plenty of Clojure projects are "done" (the only community I'm aware of that actually believes in this) that presumably specified the vulnerable log4j versions. In reality, it's not an issue, because you can deal with it in your own deps.edn/project.clj/maven.xml, by excluding the dependency, or overriding it with a newer one.

> In reality, it's not an issue, because you can deal with it in your own deps.edn/project.clj/maven.xml, by excluding the dependency, or overriding it with a newer one.

This is maintenance. Maintenance is not an issue if you deal with it; if you don't deal with it, then it is an issue.
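
The exclusion and override described in the first comment, as an added example that is not part of the thread. `com.example/finished-lib` is a hypothetical "done" library that pulls in log4j transitively, and 2.17.1 is an assumed patched version.

```clojure
;; deps.edn of the consuming application (added example, not from the thread).
;; com.example/finished-lib and its version are hypothetical placeholders.
{:deps
 {;; Option 1: exclude the transitive log4j artifacts the library declares.
  com.example/finished-lib
  {:mvn/version "1.0.0"
   :exclusions [org.apache.logging.log4j/log4j-core
                org.apache.logging.log4j/log4j-api]}

  ;; Option 2: declare log4j at the top level. tools.deps always prefers a
  ;; top-level coordinate over a transitive one, so this version wins.
  ;; 2.17.1 is an assumed patched release; pin whatever is current.
  org.apache.logging.log4j/log4j-api  {:mvn/version "2.17.1"}
  org.apache.logging.log4j/log4j-core {:mvn/version "2.17.1"}}}

;; Check the result: `clojure -Stree` prints the resolved dependency tree,
;; which should list only the pinned log4j version.
```

Either entry alone changes what ends up on the classpath; with both, the library's own log4j declaration is dropped and the application's pinned version is the only one resolved.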