[jira] [Commented] (GUACAMOLE-1474) Apache Log4j Security Vulnerabilities | CVE-2021-44228

Mike Jumper (Jira) Sat, 11 Dec 2021 23:17:31 -0800


    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-1474?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457856#comment-17457856
 ]


Mike Jumper commented on GUACAMOLE-1474:
----------------------------------------

*Apache Guacamole does not use log4j.* It is not impacted by CVE-2021-44228.

Guacamole uses "[logback|http://logback.qos.ch/]"; for its logging backend. See: 
https://guacamole.apache.org/doc/gug/configuring-guacamole.html#webapp-logging

> Apache Log4j Security Vulnerabilities | CVE-2021-44228 
> -------------------------------------------------------
>
>                 Key: GUACAMOLE-1474
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1474
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-auth-jdbc
>    Affects Versions: 1.3.0
>            Reporter: kathiresh
>            Priority: Critical
>              Labels: patch
>
> Hi Team,
> Yesterday, there is security vulnerability found in log4j software. Issue has 
> to be solved within 2 days.
>  
> How impact to apache Guacamole and if yes when we can expect fix for the 
> same. 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (GUACAMOLE-1474) Apache Log4j Security Vulnerabilities | CVE-2021-44228

Reply via email to