You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Hello, I'm an informatician with some IT skills and not a developer. Please forgive any wrong verbiage. I'm at Mayo Clinic and am using MedTagger on a project. I have a debian machine in the cloud and I cloned the repository, updated settings, use maven then ant to create a .jar.
My IT team contacted me stating that log4j 1x is a security risk. The cloned version when running with your standard pom.xml file creates the following files:
....home directory.../.m2/repository/log4j/1.2.12/log4j-1.2.12.jar
....home directory.../.m2/repository/log4j/1.2.12/log4j-1.2.12.pom
....home directory.../.m2/repository/log4j/1.2.12/log4j-1.2.12.jar.sha1
....home directory.../.m2/repository/log4j/1.2.12/log4j-1.2.12..pom.sha1
Desktop (please complete the following information):
Version: tf2-gpu.2-8.m112
Based on: Debian GNU/Linux 11 (bullseye) (GNU/Linux 5.10.0-33-cloud-amd64 x86_64\n)
Additional context
Wondering if you'll be updating your default version to avoid log4j 1.x since it is no longer supported. If you aren't planning on doing that, how do I change the configuration to avoid using those files?
The text was updated successfully, but these errors were encountered:
Describe the bug
Hello, I'm an informatician with some IT skills and not a developer. Please forgive any wrong verbiage. I'm at Mayo Clinic and am using MedTagger on a project. I have a debian machine in the cloud and I cloned the repository, updated settings, use maven then ant to create a .jar.
My IT team contacted me stating that log4j 1x is a security risk. The cloned version when running with your standard pom.xml file creates the following files:
....home directory.../.m2/repository/log4j/1.2.12/log4j-1.2.12.jar
....home directory.../.m2/repository/log4j/1.2.12/log4j-1.2.12.pom
....home directory.../.m2/repository/log4j/1.2.12/log4j-1.2.12.jar.sha1
....home directory.../.m2/repository/log4j/1.2.12/log4j-1.2.12..pom.sha1
Desktop (please complete the following information):
Version: tf2-gpu.2-8.m112
Based on: Debian GNU/Linux 11 (bullseye) (GNU/Linux 5.10.0-33-cloud-amd64 x86_64\n)
Additional context
Wondering if you'll be updating your default version to avoid log4j 1.x since it is no longer supported. If you aren't planning on doing that, how do I change the configuration to avoid using those files?
The text was updated successfully, but these errors were encountered: