Is Apache Log4j used in Mendix and/or is Mendix vulnerable to a Log4J hack?
Is Apache “Log4J 2” used in Mendix and/or is Mendix vulnerable to a Apache “Log4J 2” hack? The news is that Apache Log4J can give hackers the opporunity to insert code. https://tweakers.net/nieuws/190602/ernstige-kwetsbaarheid-in-apache-log4j-2-kan-duizenden-organisaties-treffen.html. As far as I can see our userlib folder contains a jar file with the java class org.apache.commons.logging.impl.Log4JLogger in version 1.2. I am not sure if this is the same as Log4J 2. This jar file is added by the Community Commons appstore module. Any advice?
”We can share that Mx Runtime is not exposed to this vulnerability, and that applies to Mx7, Mx8 and Mx9 versions in our Cloud Offering. For the other Platform parts we are investigating and will post a more in-depth update shortly.”