log4j vulnerability with Xcode 12.5?

Does anyone know if log4j vulnerability affect Xcode 12.5?

Up vote post of Chaithra Down vote post of Chaithra
334 views
Posted by
Chaithra
Reply
Add a Comment

Replies

See my answer here: https://developer.apple.com/forums//thread/696785

See 13.2.1 release notes:

Xcode contains a copy of the log4j library that has the CVE-2021-44228 security vulnerability. Xcode automatically downloads an updated version of this library and installs it into ~/Library/Caches/com.apple.amp.itmstransporter. When submitting apps to the App Store, Xcode uses the updated version of the library. (86390060)

So, 13.2.1 handles this at the time you upload code.

Posted by
Claude31
Up vote reply of Claude31 Down vote reply of Claude31
Add a Comment