JeecgBoot has a problem with Log4j2’s 0Day bug. Jeecgboot uses logback implementation, according to the reason does not affect
If you are concerned, you can also upgrade the version number as follows
The simplest way to fix it
Not surprisingly, it’s easy to change, just add the following configuration
Modify the file jeecg-boot\pom.xml
< the properties > < log4j2. Version > 2.15.0 < / log4j2 version > < / properties >Copy the code
2. After modification, click maven refresh button on the right
Iii. How to verify whether the version number is modified successfully? See the following figure
The appendix
I woke up this morning and Apache Log4j2, the well-known Java logging component, has gone viral. It was found to have a 0 Day vulnerability, Log4J2, which allows a hacker to log Remote Code Execution. Because the log library is so widely used and the vulnerability is so easy to use, the risk is so serious that you have to take precautions. Even customers who didn’t understand the code came to ask if the system had this problem.
Affected Versions The versions affected by the vulnerability range from Apache Log4j2 2.0 to 2.14.1.