SikuliX

What about log4j 2.x vulnerability --- not used in SikuliX

Asked by Marc

--------------- info
In some dependency of SikuliX log4j is mentioned as a dependency, but the version is 1.2.17.
Since the vulnerable version is log4j 2.x, it is correct, that SikuliX neither uses nor depends on the vulnerable log4j.
hence nothing to do with SikuliX.
----------------------------------------

Hi,
Does sikulix is exposed to the log4j vulnerability?
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
If yes, what do you recommend?
Regards,
Marc

Question information

Language:
English Edit question
Status:
Solved
For:
SikuliX Edit question
Assignee:
No assignee Edit question
Solved by:
Marc
Solved:
Last query:
Last reply:
Revision history for this message
RaiMan (raimund-hocke) said : 		#1

log4j is not used in SikuliX (log feature is a private implementation).

The bundled Tesseract uses slf4j.

Revision history for this message
Marc (cram55) said : 		#2

thanks
Marc