https://community.splunk.com/t5/Splunk-Dev/splunk-library-javalogging-log4j2-vulnerability/m-p/579154#M10263 <P>I can see that there is a new version of splunk-library-javalogging dependency released for the log4j2 vulnerability. Can we just override the log4j2 versions to the newer version(2.17.0) on the parent pom instead of updating the splunk-library-javalogging dependency to 1.11.*?</P> Thu, 23 Dec 2021 04:09:25 GMT splunkuser61 2021-12-23T04:09:25Z https://community.splunk.com/t5/Splunk-Dev/splunk-library-javalogging-log4j2-vulnerability/m-p/579154#M10263 <P>I can see that there is a new version of splunk-library-javalogging dependency released for the log4j2 vulnerability. Can we just override the log4j2 versions to the newer version(2.17.0) on the parent pom instead of updating the splunk-library-javalogging dependency to 1.11.*?</P> Thu, 23 Dec 2021 04:09:25 GMT https://community.splunk.com/t5/Splunk-Dev/splunk-library-javalogging-log4j2-vulnerability/m-p/579154#M10263 splunkuser61 2021-12-23T04:09:25Z https://community.splunk.com/t5/Splunk-Dev/splunk-library-javalogging-log4j2-vulnerability/m-p/581693#M10264 <P>It may not work so for security reasons we recommend you to upgrade the library version.</P> Wed, 19 Jan 2022 15:57:09 GMT https://community.splunk.com/t5/Splunk-Dev/splunk-library-javalogging-log4j2-vulnerability/m-p/581693#M10264 vmalaviya 2022-01-19T15:57:09Z