Is plantuml affected by log4j security vulnerability?

0 votes
asked Dec 12, 2021 in Question / help by anonymous

A zero-day vulnerability affects all users of log4j Java library. See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228

Does this affect PlantUML directly? Or the Docker images listed on "Running" page?

1 Answer

+1 vote
answered Dec 12, 2021 by plantuml (277,020 points)

The core library itseft (plantuml.jar) does not use log4j. So it is definitively not affected.

The web server project does use log4j. However, by chance, the only logs occur in a test case.

So the docker and the server are not affected by this vulnerability.

commented Dec 12, 2021 by anonymous
Great news, thanks a lot!
...