You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@fineract.apache.org by GitBox <gi...@apache.org> on 2022/03/29 04:58:55 UTC

[GitHub] [fineract] vidakovic commented on pull request #2205: FINERACT-1483: Fix sonar vulnerabilities with Blocker and Critical severity

vidakovic commented on pull request #2205:
URL: https://github.com/apache/fineract/pull/2205#issuecomment-1081403741


   @taskain7 ... the fix here should be relatively simple: it seems that there is a transitive dependency on log4j. The only thing to do here is to define an exclude on the library that drags it in (we are using Slf4j... which is why this check is triggered).
   
   Running:
   ```
   ./gradlew :fineract-provider:dependencies > /tmp/dependencies.txt
   ```
   should give you a quick way to find the library that includes log4j.
   
   And if you want to test locally if everything is good just execute this test:
   ```
   resources/features/infrastructure/infrastructure.classpath.feature
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@fineract.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org