A cursory file search in my NetBeans 12.6 folder shows
"log4j-1.2.15.jar" in the "netbeans\ide\modules\ext" path.
The vulnerability only seems to be in log4j versions 2+ so I don't think
there is anything to worry about with the NetBeans IDE, itself.
- Jason
On 12/15/21 2:13 PM, Mike Hallan wrote:
Does Netbeans Platform at any level use Log4j? I was thinking maybe
the logging module may, if not use it, then be based on it.
Are applications built on Netbeans Platform are in any way vulnerable
to Log4j exploits as described at
mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 ?
Thanks,
Mike