You are viewing a plain text version of this content. The canonical link for it is here.
Posted to api@directory.apache.org by Emmanuel Lécharny <el...@gmail.com> on 2022/01/06 08:49:34 UTC
Re: log4j update
Actually, the Apache Directory LDAP API does *not* use Log4j at all,
being an API.
It uses SLF4J and depends on whatever logger the user selects.
On 21/12/2021 16:50, Shawn McKinney wrote:
>
>> On Dec 21, 2021, at 3:18 AM, Wartner , Steffen - SID-LRZS <St...@rz.smf.sachsen.de> wrote:
>>
>> my name is Steffen Wartner and I'm using the Apache Directory LDAP API for one of my projects. There are security issues with log4j (see https://logging.apache.org/log4j/2.x/security.html) and I wanted to ask, when the log4j Version 1.2.17 will be updated to 2.17.0 ?
>
> Hello Steffen,
>
> The LDAP API uses Log4j 1.2x which is not affected by the Log4Shell (CVE-2021-44228).
>
> Thanks
>
> —
> Shawn
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: api-unsubscribe@directory.apache.org
> For additional commands, e-mail: api-help@directory.apache.org
>
--
*Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
T. +33 (0)4 89 97 36 50
P. +33 (0)6 08 33 32 61
emmanuel.lecharny@busit.com https://www.busit.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: api-unsubscribe@directory.apache.org
For additional commands, e-mail: api-help@directory.apache.org