You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, we ship a version of vnu.jar which uses log4j v1.2.17 and commons-fileupload v1.3.1 both of which have severe (probably irrelevant) vulnerabilities. This is preventing automatic deployment of html5validator in secure environments. As the upstream maintainers do not want to update their log4j dependency, we have to either patch it locally or drop the dependency on vnu.jar.
The text was updated successfully, but these errors were encountered:
Currently, we ship a version of
vnu.jarwhich useslog4j v1.2.17andcommons-fileupload v1.3.1both of which have severe (probably irrelevant) vulnerabilities. This is preventing automatic deployment of html5validator in secure environments. As the upstream maintainers do not want to update their log4j dependency, we have to either patch it locally or drop the dependency onvnu.jar.The text was updated successfully, but these errors were encountered: