Does it have the log4j vulnerability?
kirangurumukhi opened this issue
Kiran Gurumukhi commented
Since log4r is based off log4j, I wanted to confirm if it is prone to the log4j vulnerability described here: https://nvd.nist.gov/vuln/detail/CVE-2021-44228
Any input would be appreciated.
Johnny Breen commented
I had the same concern, but based on this link, that doesn't appear to be the case because ports, like those used in R, don't use the JVM as far as I am aware.
Nonetheless, it would be good to get confirmation on whether the same design flaw exists if possible (cc @johnmyleswhite, @atheriel)
Aaron Jacobs commented
We are in no way affected by that CVE, nor is there an analogous design flaw in this package.