technomancy/leiningen

log4j vulnerability mitigation

mreinhardt opened this issue · 1 comments

Is the log4j vulnerability an issue with projects built using Leiningen?

See: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance

Does anything need to be upgraded to the patched log4j version?

Leiningen does not use log4j, and even if it did, it already gives you full access to execute code without using the exploit.

If you have a specific concern we can address it, but this does not look like an actionable issue to me.