Skip to content
This repository has been archived by the owner on Jan 21, 2024. It is now read-only.

is the JSON logger not affected by the latest reported log4j vulnerability #33

Open
tholitz-tolentino opened this issue Dec 13, 2021 · 1 comment
Open

is the JSON logger not affected by the latest reported log4j vulnerability #33

tholitz-tolentino opened this issue Dec 13, 2021 · 1 comment

Comments

@tholitz-tolentino
Copy link

Hi,

I would just like to confirm if the JSON logger connector is still good to be used with regards to the recently reported log4j vulnerability as discussed here.

https://blog.cloudflare.com/inside-the-log4j2-vulnerability-cve-2021-44228/

Mule has released a patch to mitigate the issue.. Would this suffice or do we need updating in the JSON logger as well?

Thanks
@GeraldLoeffler
Copy link

JSON logger uses log4j but doesn't bundle log4j. So with regards to that log4j vulnerability it doesn't behave differently to doing logging straight from the Mule app, without JSON logger.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@GeraldLoeffler @tholitz-tolentino