Log4j Vulnerability - Githubissues

mperdeck / jsnlog

JSNLog for .Net. Combines jsnlog.js client side logging with .Net server side component to receive log messages and pass them to the server side logging package. Configure loggers in web.config.

jsnlog.com

MIT License

190 stars 38 forks source link

Log4j Vulnerability #195

Closed JimmyTT closed 2 years ago

JimmyTT commented 2 years ago

Hello, I've been reading up on the log4j vulnerability and use this package in my work.

This package is listed as a port for log4j, is this package vulnerable?

mperdeck commented 2 years ago

No, it is not vulnerable.

It does not use Log4J, which is a Java package. There is a .Net version of that package, Log4Net. The main JSNLog package does not use Log4Net either. However, if you use Log4Net in your own code and your code uses the .Net Framework (not .Net Core), you may be using the JSNLog.Log4Net adapter package. This does have a dependency on Log4Net.