Due to the critical vulnerability CVE-2021-44228 in Log4j 2.14.1 and prior, I receive questions about the relevance to tinylog. The good news is that tinylog 1 and 2 are not affected. tinylog does not depend on Log4j 2. Both projects do not share any source code. tinylog is an independent logging framework and does not use JNDI.
Log4j vulnerability doesn’t affect tinylog
December 13, 2021