Log4j2 Security Vulnerability and this SDK #1446
timtay-microsoft
started this conversation in
General
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi all,
We've received a number of requests/comments from users of this SDK wondering if the recent Log4j2 security vulnerability impacts them, so I'm starting this thread to answer this question in detail and provide a forum for any further questions users may have on this topic.
This SDK does not have a dependency on Log4j2, so it is still safe to use this SDK.
This SDK only has a dependency on Slf4j as its logging interface library. By itself, Slf4j is not impacted by any of the recent Log4j2 CVEs. However, users who wish to capture the logs produced by this SDK provide their own logging implementation library such as Log4j2 or Logback. For existing users who use Log4j2 as their logging implementation library, you will need to either upgrade to the latest Log4j2 version as per the CVE's remediation steps, or you will need to switch to using a different logging implementation library.
Please let me know if you have any further questions or need any advice on this topic.
Thanks!
-Tim
Beta Was this translation helpful? Give feedback.
All reactions