OpenConext and log4j

2 views
Skip to first unread message

Thijs Kinkhorst

unread,
Dec 12, 2021, 9:38:45 AM12/12/21
to openc...@googlegroups.com
Hi all,

No doubt most of us are already well aware of the log4j vulnerability (https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/).

OpenConext uses logback, not log4j in the major components. We use log4j in a dependency of the PDP but this is the unaffected 1.x branch.

We therefore see no immediate action for OpenConext to take. Of anyone has concerns, or relevant information to share, please do not hesitate either on-list or via private message.


Kind regards,
Thijs

Reply all
Reply to author
Forward
0 new messages