Any plans to upgrade log4j to a supported version?

Question

There is a blog post dated December 2021 indicating openLCA is not impacted by the log4j 2.x vulnerabilies. However, log4j 1.x hasn't been supported since August of 2015 and has many know significant vulnerabilities as well. An answer here or in another blog post commenting on the vulnerability of log4j 1.x within your code/implementation would be much appreciated.

Answer 1

Well, we do not use log4j at all any more in version 2 of openLCA, thus no plans to upgrade to a supported version? Or am I not getting your question?

Comments

Yes that is for the old 1.11 version. Uninstall this version befoe installing version 2.