I have exactly the same understanding. Sent from my Galaxy
-------- Original message --------From: Markus Kirsten <mkirs...@gmail.com>
Date: 15/12/2021 00:16 (GMT+01:00) To: POI Users List <user@poi.apache.org>
Subject: Re: Log4J Security issue with POI 4.0.1 Hi,I can’t see that POI 4.0.1
used Log4j - https://poi.apache.org/components/logging.html and hence should
NOT be affected by the vulnerability. Additionally Log4j prior to version
2.0-beta9 are NOT affected by the recent vulnerability.Hope this helps, and
somebody else can confirm.Markus> On 15 Dec 2021, at 00:09, Azeemuddin Khaja
<akh...@my.uno.edu> wrote:> > We're using POI 4.0.1 which uses Log4j 1.2.17.
Just want to confirm if this is impacted by CVE-2021-44228 which recently
identified a vulnerability with Log4j
(https://www.oracle.com/security-alerts/alert-cve-2021-44228.html).> > NOTICE:
This message, including all attachments transmitted with it, is intended solely
for the use of the Addressee(s) and may contain information that is PRIVILEGED,
CONFIDENTIAL, and/or EXEMPT FROM DISCLOSURE under applicable law. If you are
not the intended recipient, you are hereby notified that any disclosure,
copying, distribution, or use of the information contained herein is STRICTLY
PROHIBITED. If you received this communication in error, please destroy all
copies of the message, whether in electronic or hard copy format, as well as
attachments and immediately contact the sender by replying to this email or
contact the sender at the telephone numbers listed above. Thank
you!---------------------------------------------------------------------To
unsubscribe, e-mail: user-unsubscribe@poi.apache.orgFor additional commands,
e-mail: user-h...@poi.apache.org
