Le 07/02/2022 à 23:23, Murphy Sifa a écrit :
Hi Lilypond Software,
We are analysing our suite of SaaS vendors for exposure to the log4j
vulnerability. I can’t find a statement on your page about the
products that La Trobe is using.
Can you please provide me with the log4j vulnerability status of your
products?
Thank you
IS-Security La Trobe University
Well, LilyPond is not SaaS (and also free/libre software and
not sold by the way), and does not run in a web browser but
on your computer. The log4shell vulnerability has no relevance
for LilyPond. It may be relevant if you are using LilyPond
through some kind of Web-based editor, in which case you
would have to contact that team for information.
Best regards,
Jean
