This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

TraceGUI contains a vulnerable version of Log4j

I saw the announcement that TraceGUI was available for UCMDB.  I went ahead and installed it in our development environment. However our security team detected that the package contains log4j version 1.2.16. Log4j version 1 is no longer supported and is not allowed in our environment.

Is it possible to get a new TraceGUI package which contains a current, non-vulnerable, version of log4j?

Thanks