CVE-2020-9488 vulnerabilities with Java APM agent 1.34.1

After upgrading APM to 1.34.1, we are still seeing vulnerability CVE-2020-9488 showing up in our application scan reports (earlier we were using 1.28.4).

The expected log4j fix version is 2.13.2, whereas APM 1.34.1 still has 2.12.4. So are there any plans to increase the log4j version, or is it the max version that will be supported?

NVD - CVE-2020-9488: Fixed in Apache Log4j 2.12.3 and 2.13.1.
Please contact your vulnerability scanner vendor and ask them to correct the false positive error.
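The version logic behind the reply, as an added example (not code from this thread or from any scanner): a fix backported to an older release line means a version can be numerically below the newest fix version and still be patched. The function names are hypothetical, the fix versions are the two quoted in the reply, and the "naive" comparison is an assumption about how such a false positive can arise, since the thread does not say how the scanner decides.

```python
import re

# Fix versions as quoted in the reply above: one per release line.
FIXED_IN = [(2, 12, 3), (2, 13, 1)]


def parse_version(text):
    """Parse 'MAJOR.MINOR[.PATCH]'; qualifiers such as '-rc1' are ignored."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_fixed(version, fixed_in=FIXED_IN):
    """True if `version` carries the fix, honouring backport release lines."""
    v = parse_version(version)
    fixes = sorted(fixed_in)
    # Same release line (major.minor) as a listed fix: compare within that line.
    for f in fixes:
        if v[:2] == f[:2]:
            return v >= f
    # Any other line is fixed only if it is newer than the newest fixed line.
    return v > fixes[-1]


def naive_is_fixed(version, fixed_in=FIXED_IN):
    """Assumed scanner shortcut: compare against the highest fix version only."""
    return parse_version(version) >= max(fixed_in)


if __name__ == "__main__":
    # Constructed sample versions; 2.12.4 is the one reported in the thread.
    for ver in ["2.12.1", "2.12.4", "2.13.0", "2.13.1", "2.14.0"]:
        print(f"{ver:8} branch-aware={is_fixed(ver)!s:5} naive={naive_is_fixed(ver)}")
```

For 2.12.4 the branch-aware check reports fixed while the single-threshold check reports vulnerable, which is the discrepancy to raise with the scanner vendor.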
