Verify that validator-java is not affected by log4j security issues

Question

Gregable opened this issue 3 years ago · comments

I suspect this is covered, but it's worth explicitly checking if possible.

It looks like the only string references are to a list of excluded packages, so this is probably fine:
https://github.com/ampproject/validator-java/search?q=log4j

George Luo · Answer 1 · Thu Dec 16 2021 01:14:02 GMT+0800 (China Standard Time)

yes, thankfully the validator does not log at all. just confirming, closing shortly.