On Sat, Dec 11, 2021 at 9:39 AM Amarjeet Singh <[email protected]> wrote:
> Hi All, > > Does guacamole components have Apache log4j Vulnerability CVE-2021-4428 > <https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/> > ?? > > Amarjeet, First, please AVOID ALL CAPS, EVEN IN THE SUBJECT LINE. IT IS LIKE SHOUTING AT SOMEONE. We will still answer your request if you use regular case and "speak" in a normal tone :-). To answer your question, no Guacamole is not impacted by the log4j vulnerability. Guacamole uses logback instead of log4j, and even excludes log4j from several Maven-based dependencies. Thus, at the moment, we do not believe there is any vulnerability in Guacamole related to this. -Nick >
