Hi ,
The latest version of snmp4j-log4j:2.8.9 have the vulnerability below
snmp4j-log4j:
https://mvnrepository.com/artifact/org.snmp4j/snmp4j-log4j
Are you planning an upgrade to a new version that fixes it?
Thanks,
Atif
Yes, there will be an update today, though that vulnerability can be exploited only if a JDBC appender is configured in the log4j configuration.
So there is an easy „workaround“ when using this version of the API.
Thank you.
I still see that the vulnerability exists in the new version.
https://mvnrepository.com/artifact/org.snmp4j/snmp4j-log4j/2.8.10
Sorry, the was a typo in the pom.xml. Version 2.8.11 fixed that.
Is there an expected date for version 2.8.11?
It was already there before my last comment here.