pauby
commented
2 years ago Log4j is a Java logging library and is not used in CCM. See CVE-2021-44228 for more information on that vulnerability.
Log4Net is an entirely separate library and at this time has no known vulnerabilities at this time.
I'm going to go ahead and close this, but we can reopen later if needed.
Any advise if we need to take action, because of the log4j security flaw that was found ? CCM uses log4net.dll and this seems to be the exact .NET to the flawed library.