Tue, 21 Dec 2021 08:21:30 GMT
Join the conversation at slack.cordova.io
Mon, 20 Dec 2021 12:10:55 GMT
@mario.kurzweil says
Is there anything to consider/thoughts about the log4j exploit? This is currently dominating the media …
Mon, 20 Dec 2021 12:32:17 GMT
@erisu says
None of our repos/code uses or includes log4j, as far as I am aware.
Mon, 20 Dec 2021 12:39:15 GMT
@gh says
There is an Xcode issue. Make sure you're using Xcode 13.2.1, especially if you are uploading to the iTunes Store. From the <https://developer.apple.com/documentation/xcode-release-notes/xcode-13_2_1-release-notes|Xcode 13.2.1 release notes>: “Xcode contains a copy of the log4j library that has the CVE-2021-44228 security vulnerability. Xcode automatically downloads an updated version of this library and installs it into
~/Library/Caches/com.apple.amp.itmstransporter
. When submitting apps to the App Store, Xcode uses the updated version of the library. (86390060)”