Hi, POI 5.1.0 uses Log4J 2 for logging. There has been an important new release of Log4J - version 2.15.0 - to mitigate a security issue. The POI team recommends that users upgrade their Log4J dependency to use the 2.15.0 release.
https://logging.apache.org/log4j/2.x/security.html https://www.lunasec.io/docs/blog/log4j-zero-day/ The lunasec blog includes details of a 'temporary' setting you can use to mitigate the issue (if you can't upgrade to log4j v2.15.0 yet). Regards, PJ --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
