Log4j2 Vulnerability and SmallRye

[Roberto Cortez]

Hi,

We just published a blog about the recent discovery of the Log4j2 Vulnerability and how it affects SmallRye (it doesn’t):

https://smallrye.io/blog/log4j2-vulnerability/

Aside for a couple of projects that have log4j2 as a test dependencies, SmallRye libraries do not include or use any log4j artifacts in their runtime dependencies. Even if SmallRye itself is not directly affected by this vulnerability, runtimes may be compromised. We advice to check and upgrade the log4j2 version.

Cheers,

Roberto