Log4j vulnerability doesn’t affect tinylog

December 13, 2021

Due to the critical vulnerability CVE-2021-44228 in Log4j 2.14.1 and prior, I receive questions about the relevance to tinylog. The good news is that tinylog 1 and 2 are not affected. tinylog does not depend on Log4j 2. Both projects do not share any source code. tinylog is an independent logging framework and does not use JNDI.

Leave a Comment

Leave a Reply to martin Cancel reply

Your email address will not be published.