is the JSON logger not affected by the latest reported log4j vulnerability

mulesoft-consulting / json-logger

Drop-in replacement for default Mule Logger that outputs a JSON structure based on a predefined JSON schema

MIT License

68 stars 212 forks source link

is the JSON logger not affected by the latest reported log4j vulnerability #33

Open tholitz-tolentino opened 2 years ago

tholitz-tolentino commented 2 years ago

Hi,

I would just like to confirm if the JSON logger connector is still good to be used with regards to the recently reported log4j vulnerability as discussed here.

https://blog.cloudflare.com/inside-the-log4j2-vulnerability-cve-2021-44228/

Mule has released a patch to mitigate the issue.. Would this suffice or do we need updating in the JSON logger as well?

Thanks

GeraldLoeffler commented 2 years ago

JSON logger uses log4j but doesn't bundle log4j. So with regards to that log4j vulnerability it doesn't behave differently to doing logging straight from the Mule app, without JSON logger.