Avatar

Community Advisor

We are on 7.0 21.1  build 9282 and it's using 

 

log4j-1.2.11.jar

 

it's under 

$(XTK_INSTALL_DIR)/java/lib/log4j-1.2.11.jar

 

this version does not contain the jndilookup library which is added from version 2

 

 

So we are good, right?  at least for this vulnerability