> Additionally Log4j prior to version 2.0-beta9 are NOT affected by the recent vulnerability.
It is affected by older ones, like https://www.cvedetails.com/cve/CVE-2019-17571/ etc. On Tue, Dec 14, 2021 at 3:16 PM Markus Kirsten <[email protected]> wrote: > Hi, > I can’t see that POI 4.0.1 used Log4j - > https://urldefense.proofpoint.com/v2/url?u=https-3A__poi.apache.org_components_logging.html&d=DwIFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=z8Knaor1Zg-Y-a8CKhuVGUNs-mdnqQH_jm5MhbHoqKY&m=FFOiztZ-ppkekvQR2182IeukRXE4kPMxbL5bolJYRT9HdVuKJBVM0fUnVetDRD4X&s=CHPan1-cAsRvotasyaylqJlMHqbG-MxrtFI0qt0znbA&e= > and hence should NOT be affected by the vulnerability. Additionally Log4j > prior to version 2.0-beta9 are NOT affected by the recent vulnerability. > > Hope this helps, and somebody else can confirm. > > > Markus > > > > On 15 Dec 2021, at 00:09, Azeemuddin Khaja <[email protected]> wrote: > > > > We're using POI 4.0.1 which uses Log4j 1.2.17. Just want to confirm if > this is impacted by CVE-2021-44228 which recently identified a > vulnerability with Log4j ( > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.oracle.com_security-2Dalerts_alert-2Dcve-2D2021-2D44228.html&d=DwIFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=z8Knaor1Zg-Y-a8CKhuVGUNs-mdnqQH_jm5MhbHoqKY&m=FFOiztZ-ppkekvQR2182IeukRXE4kPMxbL5bolJYRT9HdVuKJBVM0fUnVetDRD4X&s=khRzQsjPJoQmuGt3QgzsHZTPSoCcJnfJ487ars2liHY&e= > ). > > > > NOTICE: This message, including all attachments transmitted with it, is > intended solely for the use of the Addressee(s) and may contain information > that is PRIVILEGED, CONFIDENTIAL, and/or EXEMPT FROM DISCLOSURE under > applicable law. If you are not the intended recipient, you are hereby > notified that any disclosure, copying, distribution, or use of the > information contained herein is STRICTLY PROHIBITED. If you received this > communication in error, please destroy all copies of the message, whether > in electronic or hard copy format, as well as attachments and immediately > contact the sender by replying to this email or contact the sender at the > telephone numbers listed above. Thank you! > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
