Replies: 1 comment
-
WinMerge does not use log4j, which is a Java library, because it is basically written in C++. The exception is the Apache tika plugin, which uses log4j internally. The version of log4j used is 1.x, not the vulnerable version 2. Also, it does not appear to output any logs under normal use, so we do not see a problem. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Can you confirm that WinMerge is not impacted by CVE-2021-4428 (Log4j vulnerability)?
Beta Was this translation helpful? Give feedback.
All reactions