Abra and log4j

[colindaven]

Hi,

Abra is being picked up by a log4j vulnerability detection tool. I would guess the threat level is low (not web based), but am not sure.

Is there any version without this or with a high enough version to not be affected ?

java -jar log4j-detector-2021.12.13.jar tools/
-- Analyzing paths (could take a long time).
-- Note: specify the '--verbose' flag to have every file examined printed to STDERR.
/mnt/ngsnfs/tools/abra2/abra2-2.11.jar contains Log4J-2.x   >= 2.0-beta9 (< 2.10.0) _VULNERABLE_ :-(

Thanks.