Log4j is making SocketServer class vulnerable. Do I need to remove my SocketServer class file?
Asked 2 years ago
Hi, I'm implementing Log4j and scanned for vulnerability. It's just my luck that it turns out that it's making my SocketServer class vulnerable to deserialization of untrusted data and I'm not sure how to resolve it. I tried looking for fixed 1.x versions , but there don't seem to be any? I could try to patch it, but that would mean that I have to remove the SocketServer class file. Not so?
Please follow our Community Guidelines