Is log4shell a problem in this project?

fast-data-transfer / fdt

FDT is an Application for Efficient Data Transfers which is capable of reading and writing at disk speed over wide area networks (with standard TCP). It is written in Java, runs an all major platforms and it is easy to use. FDT is based on an asynchronous, flexible multithreaded system and is using the capabilities of the Java NIO libraries.

https://fast-data-transfer.github.io/

Apache License 2.0

200 stars 45 forks source link

Is log4shell a problem in this project? #64

Open moidroid opened 2 years ago

moidroid commented 2 years ago

Hi, I just wonder if the recent day zero problem related to log4j is a problem in this project? Are you using that package at all and if so is it using any of those versions affected?

Cheers!

mshedsilegx commented 2 years ago

I'm not a project member, but good point. I do not see the offending class: JndiLookup.class anywhere in the fdt.jar

Per: META-INF\maven\log4j\log4j\ it looks like log4j 1.2.17 is used, so not vulnerable I would say.