My team is using Corda OS version 4.7 (Upgrading to 4.8 gave us some memory optimization issues). What is the guidance on the latest version of Log4j that can be used(reference the Log4j vulnerability detected last month) ? We were using v2.9.1 but could upgrade only to v2.12.0 due to some other dependencies. Now looking to resolve and upgrade to v 2.17 but when we did a dependency check we noticed Corda itself uses some older versins of Log4j. I see a path in Corda 4.8 Enterprise version for this. Is a patch or recommended upgrade available for the community version also?
Please use the latest Corda 4.7.x version: 4.7.6.
Or you can directly get the jar file from Artifacts at: Index of corda-releases/net/corda/corda/4.7.6