Inductive Automation Forum

Apache Log4J Vulnerability - CVE-2021-44228

ignition80, ignition79, ignition81

Kevin.Herron December 15, 2021, 9:28pm 12

False positive.

Log4J on Linux & Windows Ignition

Yes, should be good to go. The last version of Ignition that used log4j was 7.8, and it used something like log4j version 1.2.x, which isn’t affected by this CVE. Those who snoop around may find an artifact called log4j-over-slf4j, but this just a bridge that let us move from log4j to slf4j/logback without modifying every single file that had used a log4j logger.

3 Likes

Built in logger to a different file

show post in topic

Home
Categories
FAQ/Guidelines
Terms of Service
Privacy Policy

Powered by Discourse, best viewed with JavaScript enabled