For obvious reasons I am trying to update log4j to version 2.15.
However, the submodule log4j-nosql seems to be discontinued after 2.9.1: https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-nosql/
Is updating this submodule necessary? Which submodule contains the exploit?
Answer
I see no evidence that it’s “discontinued”; it’s just effectively feature-complete. They haven’t needed to update it, so they haven’t updated it.
Is updating this submodule necessary?
No. There hasn’t even been a release of this since 2017, so there’s nothing to update it to.
Which submodule contains the exploit?
log4j-core
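
To check which deployed jars actually carry log4j-core below the 2.15 target from the question, the following added example (not part of the original answer) reads the Maven `pom.properties` metadata inside each jar. It assumes the jars were built with Maven and kept that metadata; the function names and the sample jars are constructed for illustration.

```python
import os
import re
import tempfile
import zipfile

GROUP = "org.apache.logging.log4j"
# Per the answer above, log4j-core is the artifact to upgrade; 2.15 is the
# version the question is moving to (threshold taken from the page).
TARGET_ARTIFACT = "log4j-core"
MIN_VERSION = (2, 15, 0)
POM_PROPS = re.compile(r"META-INF/maven/([^/]+)/([^/]+)/pom\.properties$")

def parse_version(text):
    """Turn '2.9.1' or '2.15.0-rc1' into a comparable tuple, e.g. (2, 9, 1)."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def log4j_artifacts(jar_path):
    """Yield (artifactId, version) for each log4j pom.properties inside a jar."""
    with zipfile.ZipFile(jar_path) as jar:
        for name in jar.namelist():
            m = POM_PROPS.search(name)
            if not m or m.group(1) != GROUP:
                continue
            props = jar.read(name).decode("utf-8", "replace")
            version = re.search(r"^version=(.+)$", props, re.M)
            if version:
                yield m.group(2), version.group(1).strip()

def scan(root):
    """Return [(jar, artifact, version, needs_update)] for jars under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for f in sorted(files):
            if f.endswith(".jar"):
                path = os.path.join(dirpath, f)
                for artifact, version in log4j_artifacts(path):
                    stale = (artifact == TARGET_ARTIFACT
                             and parse_version(version) < MIN_VERSION)
                    findings.append((f, artifact, version, stale))
    return findings

def make_constructed_jar(path, artifact, version):
    """Write a minimal jar carrying only Maven metadata (constructed sample)."""
    entry = f"META-INF/maven/{GROUP}/{artifact}/pom.properties"
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr(entry, f"groupId={GROUP}\nartifactId={artifact}\nversion={version}\n")
```

Calling `scan()` on a directory of jars flags only log4j-core entries older than the target; a log4j-nosql 2.9.1 jar is listed but not marked as needing an update, matching the answer.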