You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
# This Scanner Only Reports Hits Against The `log4j-core` Library. What About `log4j-api`?
56
56
57
-
Many scanners (including GitHub's own [Dependabot](/dependabot)) currently report both "`log4j-core`" and "`log4j-api`" libraries as vulnerable. These scanners are incorrect. There is currently no existing version of the "`log4j-api`" library that can be exploited by any of these vulnerabilities.
57
+
Many scanners (including GitHub's own [Dependabot](https://github.com/dependabot)) currently report both "`log4j-core`" and "`log4j-api`" libraries as vulnerable. These scanners are incorrect. There is currently no existing version of the "`log4j-api`" library that can be exploited by any of these vulnerabilities.
58
58
59
59
At MergeBase we pride ourselves on our scan accuracy. You're already busy enough patching all your systems to upgrade `log4j-core`. We don't want you to waste your time with false positives. That's why we don't report any hits against `log4j-api`.
0 commit comments