Hi!
We are using apm-agent library (apm-agent-attach) in a java application, and we've seen lastest version of apm-agent (1.52.1) comes with log4j 2.12.4, which has some vulnerabilities.
Are there any plans to launch a new version of apm-agent with a newest version of log4j, or even with logback instead of it? Or any alternatives to avoid having a vulnerable version of log4j...
Many thanks!
1 post - 1 participant