- Mark as New
- Follow
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report
We are on 7.0 21.1 build 9282 and it's using
log4j-1.2.11.jar
it's under
$(XTK_INSTALL_DIR)/java/lib/log4j-1.2.11.jar
this version does not contain the jndilookup library which is added from version 2
So we are good, right? at least for this vulnerability