log4j 1.2.17

rle125

Registered Developer

Join Date: Feb 2011

Posts: 280
#1

log4j 1.2.17

10 Jul 2025, 09:06

SmartGWT 13.0p

I notice log4j 1.2.17 is still part of the 13.0p distribution. Do you know if it is vulnerable to these issues? Are there workarounds to avoid these vulnerabilities?

https://logging.apache.org/log4j/1.x/
Tags: None
Isomorphic

Administrator

Join Date: May 2006

Posts: 55219
#2

10 Jul 2025, 09:49

No, 13.0 does not have any of those vulnerabilities, because we don't use Log4j in a way that would make us vulnerable.

Later releases do use Log4j 2.x, basically because we kept getting asked this question!
Comment

Previous template Next

Announcement