The current version of log4cxx.dll is built with a version of "Expat" that has 4 known CVE's against it.
The 4 CVE's are: CVE-2013-0340 6.8 CVE-2012-1148 5.0 CVE-2012-0876 4.3 CVE-2012-1147 4.3 Log4cxx.dll is currently using expat's version 1.95.7. The latest available version of Expat is 2.1.0 - see http://www.libexpat.org. Thank you, Raviraj
