Amit Maheshwari created PDFBOX-5346:
---------------------------------------

             Summary: PDFBox 2.0.12 | Regarding log4j 0 day vulnerability
                 Key: PDFBOX-5346
                 URL: https://issues.apache.org/jira/browse/PDFBOX-5346
             Project: PDFBox
          Issue Type: Task
    Affects Versions: 2.0.12
            Reporter: Amit Maheshwari


We are using PDFBox 2.0.12 in our software.

We found that 'commons logging' is a dependency of PDFBox and Log4J is a 
dependency of commons logging.

We have not done any explicit configuration for log4j. In that case, will 
PDFBox or Commons Logging consume the Log4J solution by any chance?

If yes, what is the recommendation for avoiding it (and is there any possibility 
of compromise due to the 0-day vulnerability present in older versions of Log4J)?



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
