[ovirt-users] Re: oVirt and log4j vulnerability
Once upon a time, Michal Skrivanek <michal.skrivanek(a)redhat.com> said:
We concluded the investigation and we believe we are not affected,
while a vulnerable log4j is being shipped (and will be fixed by wildfly/jboss) we are not
using this functionality in any of or components.
Wildfly reimplements log4j and we use that instead, all other usage is in compile time,
unit tests. We also use log4j 1.x but without the JMSAppender in runtime.
Thanks to MartinP for confirmation
Thanks for digging into this and checking.
--
Chris Adams <cma(a)cmadams.net>