Skip to content
This repository has been archived by the owner on Nov 22, 2024. It is now read-only.

Podium and Log4j(2) vulnerability ? #361

Open
rtnieuwboer opened this issue Dec 14, 2021 · 1 comment
Open

Podium and Log4j(2) vulnerability ? #361

rtnieuwboer opened this issue Dec 14, 2021 · 1 comment
Assignees
@gijskant

Comments

@rtnieuwboer
Copy link

Is Podium vulnerable for the Log4j(2) vulnerability ?

Thanks.
@gijskant
Copy link
Contributor

Hi René,

Sorry for my late reply, I somehow did not get a notification of this issue being opened.
Earlier versions of Podium did use log4j, but the latest releases use logback (a log4j alternative).
Initially we did receive a notification about Podium being vulnerable, but that was bases on the log4j-api dependency (which is in Podium). The vulnerability is in log4j-core (not in Podium). See: https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314719.

Kind regards,
Gijs

@gijskant gijskant self-assigned this Jan 18, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@gijskant gijskant

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gijskant @rtnieuwboer