Log4j vulnerability *NEW*

[desjardd1]

Log4j was recently updated to use 2.15 in the log4j client.
This version is still impacted and its considered a critical vulnerability now.

Are simpleclient_log4j and simpleclient_log4j2 going to be updated to include version 2.16 here ASAP as security scanners from our the security team are flagging these and they need to know when they will be updated even if they are considered "Not in use".

Thanks!
Dan

[LeviHarrison]

Transferring to the appropriate repo, but I think this has already been addressed in ffb1416.

[fstab]

I just released 0.14.0 with a log4j update to 2.16.0.

[LeviHarrison]

Thanks for all your hard work these past two weeks!

[desjardd1]

Yes thanks. Now its version 2.17 another update! :(

[fstab]

Here you go, a new release with 2.17: https://github.com/prometheus/client_java/releases/tag/parent-0.14.1