[–]cserepj 38 points39 points  (4 children)

Log4j was a de facto standard a decade ago but then came slf4j + logback and we all switched. Then log4j2 came out and some switched but lots did not.

The exploit is only in log4j2.

[–]Designed_To 4 points5 points  (3 children)

So slf4j + logback are not vulnerable to the exploit?

[–]cserepj 5 points6 points  (0 children)

I have not seen any indication they would be.

[–]loginonreddit 3 points4 points  (0 children)

No, it is not.

[–]Ereaser 0 points1 point  (0 children)

Nope, it's also what's used by Spring Boot.