SNMP4J Log4J module - log4j vulnerability

Hi ,

The latest version of snmp4j-log4j:2.8.9 have the vulnerability below


Are you planning an upgrade to a new version that fixes it?



Yes, there will be an update today, though that vulnerability can be exploited only if a JDBC appender is configured in the log4j configuration.
So there is an easy „workaround“ when using this version of the API.

Thank you.
I still see that the vulnerability exists in the new version.

Sorry, the was a typo in the pom.xml. Version 2.8.11 fixed that.

Is there an expected date for version 2.8.11?

It was already there before my last comment here.