fabric-sdk-java released with Log4J critical vulnerability fix


Mark Lewis
 

Hi everyone,

fabric-sdk-java v2.2.10 and v1.4.14 have been published to Maven Central. They update the Log4J dependency to 2.16.0 to address both CVE-2021-44228 (Log4Shell, which was already patched in fabric-sdk-java v2.2.9) and also the follow-on CVE-2021-45046 vulnerabilities:

Join fabric@lists.hyperledger.org to automatically receive all group messages.