Apache log4 vulnerability

[Rashida Henry]

Hi igv-help,

Currently using IGV 2.9.4

-          Which version of IGV is not affected by the log4j vulnerability ?

-          Which version of Apache log4j is being used in IGV v2.9.4 ?

Thank you for any advice.

Best,

Rashida

[James Robinson]

You need the latest version if you are concerned about that, 2.11.9 does not use log4j.   All versions from 2.4.1 to 2.11.7  use a vulnerable log4j.    The risk is very low for IGV, which is a desktop not a web application, but again install the latest to reduce the risk to zero.