Log4j/Log4Shell vulnerability

[lasp...@gmail.com]

Does PSI-Probe utilize Log4J and/or has it been tested and patched for the new Log4Shell attack vulnerability?

 

Log4Shell info:

https://www.trendmicro.com/en_us/research/21/l/patch-now-apache-log4j-vulnerability-called-log4shell-being-acti.html

 

Virus-free. www.avast.com

[haze...@gmail.com]

Not affected.  The runtime does not include log4j2.  The build uses it only so that users of log4j2 can retrieve their logs within the product.  Look in the WAR/lib to confirm.  The project itself uses slf4j/logback for logging needs.  And any/all build aretifacts are constantly updated on master on the project including every patch log4j pushed.