log4j 漏洞, Nacos没有风险 #226
Comments
|
Nacos没有使用log4j做日志框架,server一直使用的logback,另外客户端的日志框架是optional选项,所以不太明白你说的升级指什么?? |
|
好吧~_~,我以为nacos会有影响 |
|
但是nacos包里面有这个文件: |
|
低于2.15.0.RC2,所以能从nacos-server.jar包里面移除吗? |
出问题需要log4j-core这个包才是bug包 原文出处 https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot Nacos目前也会去升级,但是这个并不会造成 0 day |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
如题
The text was updated successfully, but these errors were encountered: