Does Workbench/J use Log4j
213 views
Skip to first unread message
Richard Czech
Dec 13, 2021, 4:05:15 AM12/13/21
to SQL Workbench/J - DBMS independent SQL tool
Hello Thomas,
there is a warning about a severe vulnerability of Log4j.
Is Log4j used in Workbench/J?
Is Log4j used in Workbench/J?
Regards
Richard
Thomas Kellerer
Dec 13, 2021, 8:49:33 AM12/13/21
to sql-wo...@googlegroups.com
No, it does not.
You can configure it to use Log4J, but by default it uses home grown logging solution.
Thomas
You can configure it to use Log4J, but by default it uses home grown logging solution.
Thomas
Richard Czech
Dec 13, 2021, 10:08:39 AM12/13/21
to SQL Workbench/J - DBMS independent SQL tool
Thanks for the reply. I already found it in the ext folder and in I also found the chapter in the documentation describing how it can be used.
As we never configured the usage of Log4J we are on the safe side.
Thomas Kellerer
Dec 13, 2021, 11:06:16 AM12/13/21
to sql-wo...@googlegroups.com
Additionally: there is no real threat here.
Even if such a malicious log message was sent through Log4j, the code would be running on the computer that also runs SQL Workbench - and the user could run that code on that machine anyway (outside of SQL Workbench).
Regards
Thomas
Even if such a malicious log message was sent through Log4j, the code would be running on the computer that also runs SQL Workbench - and the user could run that code on that machine anyway (outside of SQL Workbench).
Regards
Thomas
Reply all
Reply to author
Forward
0 new messages