log4j vulnerability mitigation
mreinhardt opened this issue · 1 comments
mreinhardt commented
Is the log4j vulnerability an issue with projects built using Leiningen?
See: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance
Does anything need to be upgraded to the patched log4j version?
technomancy commented
Leiningen does not use log4j, and even if it did, it already gives you full access to execute code without using the exploit.
If you have a specific concern we can address it, but this does not look like an actionable issue to me.