RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/

log4j security issue #23927

Closed srkunze closed 2 years ago

srkunze commented 2 years ago

Just one question regarding the vulnerability of log4j. Is RocketChat affected?

debdutdeb commented 2 years ago

Hi, we don't have any dependencies on log4j, thus we shouldn't be affected.

I'll confirm with our engineering team. Closing this since not a bug.

Philipp3211 commented 2 years ago

@debdutdeb Has the engineering team confirmed that you are not affected?

debdutdeb commented 2 years ago

Yes @Philipp3211 :)

derspotter commented 2 years ago

I think this is incorrect. With sudo find / -name "log4j*" I found .../app/bundle/programs/server/npm/node_modules/moleculer/src/loggers/log4js.js. I believe this is in rocket.chat, or am I mistaken?

gronke commented 2 years ago

From https://github.com/log4js-node/log4js-node/blob/master/README.md

> Although it's got a similar name to the Java library log4j, thinking that it will behave the same way will only bring you sorrow and confusion.

derspotter commented 2 years ago

> From https://github.com/log4js-node/log4js-node/blob/master/README.md
>
> Although it's got a similar name to the Java library log4j, thinking that it will behave the same way will only bring you sorrow and confusion.

So log4js is not affected? I am relieved. Thank you for the fast answer.

fdellwing commented 2 years ago

This is a Java-specific bug; the same library in any other language will not have this problem.
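The filename search in this thread matched a Node.js file because it only looks at names. As an added example (not code from the thread or from Rocket.Chat), this triage script separates name-only matches such as log4js.js from archives that really embed the Java library, including JARs nested inside other archives that a name search misses. The marker class path, the labels and the function names are assumptions chosen for this sketch.

```python
import io
import os
import sys
import zipfile

# Assumption (not from the thread): the Java library's core JAR carries this
# class; a Node.js source file such as log4js.js cannot contain it.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
MAX_NESTED_BYTES = 64 * 1024 * 1024  # skip oversized nested archives


def has_log4j_core(src, depth=0):
    """True if the archive at src (path or file object), or one nested in it, holds JndiLookup."""
    try:
        with zipfile.ZipFile(src) as zf:
            for info in zf.infolist():
                if info.filename.endswith(JNDI_CLASS):
                    return True
                nested = info.filename.lower().endswith(ARCHIVE_EXT)
                if nested and depth < 3 and info.file_size <= MAX_NESTED_BYTES:
                    if has_log4j_core(io.BytesIO(zf.read(info)), depth + 1):
                        return True
    except (zipfile.BadZipFile, RuntimeError, OSError):
        pass  # not a readable archive, e.g. a text file with a .jar name
    return False


def classify(path):
    """Label one file: real Java log4j-core, or only a similar name."""
    if not path.lower().endswith(ARCHIVE_EXT):
        return "name-match-only"  # e.g. log4js.js from the Node.js package
    return "java-log4j-core" if has_log4j_core(path) else "archive-without-log4j-core"


def scan(root):
    """Classify files named log4j*, plus any archive that embeds log4j-core."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            label = classify(full)
            if fname.lower().startswith("log4j") or label == "java-log4j-core":
                found[os.path.relpath(full, root)] = label
    return found


if __name__ == "__main__":
    for rel, label in sorted(scan(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(f"{label:28} {rel}")
```

Run it with a directory argument, for example the application's install root; only entries labelled java-log4j-core need follow-up as Java Log4j.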