Chris
The log4j-over-slf4j library actually eliminates log4j by providing the classes and methods for log4j compatibility then routing those calls into slf4j, which is itself just a façade (“slf” stands for “Simple Logging Façade”) on top of whatever implementation is used for logging. In XNAT’s case, the logging implementation is logback, not log4j. And XNAT doesn’t include log4j2 at all.
XNAT does not have exposure to this vulnerability.
--
Rick Herrick
XNAT Architect/Developer
Computational Imaging Laboratory
Washington University School of Medicine
From:
xnat_di...@googlegroups.com <xnat_di...@googlegroups.com> on behalf of MarkC <mark.c...@gmail.com>
Date: Friday, December 10, 2021 at 5:32 AM
To: xnat_discussion <xnat_di...@googlegroups.com>
Subject: [XNAT Discussion] Log4j 2 vulnerability?
* External Email - Caution * |
--
You received this message because you are subscribed to the Google Groups "xnat_discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
xnat_discussi...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/xnat_discussion/e3be6950-01e5-46f5-b347-67f904a1c9ecn%40googlegroups.com.
The materials in this message are private and may contain Protected Healthcare Information or other information of a sensitive nature. If you are not the intended recipient, be advised that any unauthorized use, disclosure, copying or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error, please immediately notify the sender via telephone or return mail.
No. XNAT uses no external dependencies or libraries for logging functionality.
To view this discussion on the web visit https://groups.google.com/d/msgid/xnat_discussion/019cccdd-f689-4c15-8db5-ff2cef762eean%40googlegroups.com.