0 votes
381 views
There is a blog post dated December 2021 indicating openLCA is not impacted by the log4j 2.x vulnerabilies. However, log4j 1.x hasn't been supported since August of 2015 and has many know significant vulnerabilities as well. An answer here or in another blog post commenting on the vulnerability of log4j 1.x within your code/implementation would be much appreciated.
in openLCA by (120 points)

1 Answer

0 votes
by (126k points)
Well, we do not use log4j at all any more in version 2 of openLCA, thus no plans to upgrade to a supported version? Or am I not getting your question?
by (126k points)
Yes that is for the old 1.11 version. Uninstall this version befoe installing version 2.
...