https://bugs.kde.org/show_bug.cgi?id=449822
Bug ID: 449822 Summary: Vurnability to CVE-2021-44228 in Apache Log4j framework Product: kdenlive Version: 21.04.3 Platform: Microsoft Windows OS: Microsoft Windows Status: REPORTED Severity: normal Priority: NOR Component: Installation Assignee: vpi...@kde.org Reporter: danny.zwa...@kronoberg.se Target Milestone: --- SUMMARY I work for the regional government "Region Kronoberg" (www.kronoberg.se) and in our healthcare organisation we your program KDenlive version 21.04.3 . Recently it became known that there is a vulnerability in the framework for JAVA called Apache Log4j. JAVA. Log4J is a log management framework that can be used in JAVA. We now examining all systems and software used in our organisation to see if these systems / software use Log4j. I would appriciate if the following questions can be answered: - Does your product Kdenlive version 21.04.3 contain the Log4J framework? - Is your product vulnerable to CVE-2021-44228? More information is available at: NVD - CVE-2021-44228 (nist.gov) If the answer on one of these questions is "Yes" answer even the following questions: - how do you intend to deal with the vulnerability? - How should we act as a user? - If there is no resolution availble at this moment WHEN is will a resolution be released and WHAT do you suggest we do in the meantime? Since this is a serious vulnerability I hope to get an answer very soon. With kind regards, Danny Zwaard SOFTWARE/OS VERSIONS Windows: 10 (Version 10.0.18363.2037) -- You are receiving this mail because: You are watching all bug changes.