fernandreu
commented
2 years ago Hi @shradewm, no, the tool is not affected by the log4j vulnerability, so there is no need to stop using it / wait for an update.
A bit more explanation for anybody that needs to be reassured about that. Apache log4j is a Java library used for logging to different sinks (a file, the console, etc.). However:
- This tool does not perform any kind of logging
- Even if it did, the tool is written in C# instead of Java. Hence, I wouldn't be able to use the original log4j library
- Even if I added logging at some point, and I used the C# port of log4j for that (i.e. log4Net), it seems only the original Java implementation is affected by the vulnerabilities (see this)
Is the office-ribbonx-editor affected by the Apache log4j volunerability? If so is there an update to address the volunerability?