Is the log4j vulnerability an issue in CUBA?

As far as I understand, no, because CUBA Platform uses logback as its logging engine and does not have a log4j-core dependency on Log4j version 2.0.


Hi Yuriy,

As I understand it, there is a log4j 1.2 dependency in CUBA and that also has a similar type of vulnerability.

https://www.cvedetails.com/cve/CVE-2019-17571/

Can you comment on the exposure to this vulnerability?

Thanks.

Please check this post: