[ https://issues.apache.org/jira/browse/PDFBOX-5346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17461247#comment-17461247 ]
Amit Maheshwari commented on PDFBOX-5346: ----------------------------------------- Thanks a lot [~lehmi] . Sure, we will take care to post our query in right medium > PDFBox 2.0.12 | Regarding log4j 0 day vulnerability > --------------------------------------------------- > > Key: PDFBOX-5346 > URL: https://issues.apache.org/jira/browse/PDFBOX-5346 > Project: PDFBox > Issue Type: Task > Affects Versions: 2.0.12 > Reporter: Amit Maheshwari > Priority: Critical > > We are using PDFBox 2.0.12 in our software. > We found that 'commons logging' is dependency of PDFBox and Log4J is > dependency of commons logging. > We have not done any explicit configuration for log4j, in that case, will the > PDFBox or Commons Logging will consume Log4J solution by any chance? > If yes, what is recommendation of avoiding it (and any possibility to > compromise due to 0 day vulnerability present in Log4J in 2.0.12) -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org For additional commands, e-mail: dev-h...@pdfbox.apache.org