Update Play framework with Log4j 2.15.0 dependency

kaustab93 · December 14, 2021, 11:47am

Hi All,

We have been using Play framework 1.3 for years now in our projects which is using Log4j version of 1.2.17 that is super old. Recently there are a lot of buzz on the internet regarding the Log4j vulnerabilities, and to secure our web apps we will need to update the Log4j version to 2.15.0.
Is it possible to get rid of the older version of Log4j from the class path ?
Also is it possible to get it fixed from the Play framework’s DEV team ?

Thanks, in advance.

mkurz · December 29, 2021, 7:09pm

I think you might want to take a look at this discussion: Log4j Critical Exploit - Play1 possibly unaffected · Issue #1367 · playframework/play1 · GitHub

Topic		Replies	Views
Logback Vulnerability Priority Play Framework	2	736	December 20, 2021
Play 2.7.6 and 2.8.3 releases Play Framework	1	390	October 28, 2020
Play 2.6.15 released! Play Framework releases	0	1177	May 28, 2018
Play 2.8.13 released! Play Framework	4	1330	January 20, 2022
Move away from Logback and slf4j? Play Framework	3	1466	March 23, 2021

Update Play framework with Log4j 2.15.0 dependency

Related Topics