On Fri, Dec 17, 2021 at 10:18 AM Jason Abreu <jace.ab...@gmail.com> wrote:
> A cursory file search in my NetBeans 12.6 folder shows "log4j-1.2.15.jar" > in the "netbeans\ide\modules\ext" path. > > The vulnerability only seems to be in log4j versions 2+ so I don't think > there is anything to worry about with the NetBeans IDE, itself. > > - Jason > That seems to be the consensus on the Slack channel. Also, as far as I can tell, NetBeans never generates Log4j calls into your projects (it does add java.util.logging if you have it generate an exception handler, but that's in the JDK rather than from a third party). Al
