Is plantuml affected by log4j security vulnerability?

asked Dec 12, 2021 in Question / help by anonymous

A zero-day vulnerability affects all users of log4j Java library. See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228

Does this affect PlantUML directly? Or the Docker images listed on "Running" page?

Your answer

Your name to display (optional):

Email me at this address if my answer is selected or commented on:

Privacy: Your email address will only be used for sending these notifications.

Anti-spam verification:

Please complete the anti-spam verification

[Antispam2 Feature: please please wait 1 or 2 minutes (this message will disappear) before pressing the button otherwise it will fail](--------)

To avoid this verification in future, please log in or register.

1 Answer

answered Dec 12, 2021 by plantuml (295,000 points)

The core library itseft (plantuml.jar) does not use log4j. So it is definitively not affected.

The web server project does use log4j. However, by chance, the only logs occur in a test case.

So the docker and the server are not affected by this vulnerability.

commented Dec 12, 2021 by anonymous

Great news, thanks a lot!

Your comment on this answer: