Verify that validator-java is not affected by log4j security issues
Gregable opened this issue · comments
Greg Grothaus commented
I suspect this is covered, but it's worth explicitly checking if possible.
It looks like the only string references are to a list of excluded packages, so this is probably fine:
https://github.com/ampproject/validator-java/search?q=log4j
George Luo commented
yes, thankfully the validator does not log at all. just confirming, closing shortly.