Is the log4j vulnerability an issue in cuba?

As far as I understand, no, because CUBA Platform uses logback as logging engine, and does not have log4j-core dependency on Log4j version 2.0


Hi Yuriy,

As I understand it, there is a log4j 1.2 dependency in CUBA and that also has a similar type of vulnerability.

Can you comment on the exposure to this vulnerability?


Please check this post: