[
https://issues.apache.org/jira/browse/PDFBOX-5346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17461247#comment-17461247
]
Amit Maheshwari commented on PDFBOX-5346:
-----------------------------------------
Thanks a lot [~lehmi] .
Sure, we will take care to post our query in right medium
> PDFBox 2.0.12 | Regarding log4j 0 day vulnerability
> ---------------------------------------------------
>
> Key: PDFBOX-5346
> URL: https://issues.apache.org/jira/browse/PDFBOX-5346
> Project: PDFBox
> Issue Type: Task
> Affects Versions: 2.0.12
> Reporter: Amit Maheshwari
> Priority: Critical
>
> We are using PDFBox 2.0.12 in our software.
> We found that 'commons logging' is dependency of PDFBox and Log4J is
> dependency of commons logging.
> We have not done any explicit configuration for log4j, in that case, will the
> PDFBox or Commons Logging will consume Log4J solution by any chance?
> If yes, what is recommendation of avoiding it (and any possibility to
> compromise due to 0 day vulnerability present in Log4J in 2.0.12)
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
