Also consider if NetBeans Platform apps are likely to be in a situation where malicious input is possible to exploit the vulnerability in the first place. I suppose if the update centre or start page content were hacked it could be a vector to get malicious input into the NB logging.
So the main concern is if log4j is used in the servers or if your platform app logs input from the wild. I think you also have to be running on an older JVM, don’t you? Scott > On Dec 15, 2021, at 7:06 PM, Alonso Del Arte <alonso.dela...@gmail.com> wrote: > > > Excellent question. I hope not. I'll check if there's been any discussion in > the Slack... > >> On Wed, Dec 15, 2021 at 2:13 PM Mike Hallan <mkhal...@yahoo.com.invalid> >> wrote: >> Does Netbeans Platform at any level use Log4j? I was thinking maybe the >> logging module may, if not use it, then be based on it. >> >> Are applications built on Netbeans Platform are in any way vulnerable to >> Log4j exploits as described at >> mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 ? >> >> Thanks, >> Mike > >
