Was slf4j affected by the vulnerability issue in log4j

Time:12-16

I have implemented a POC and have used slf4j for logging. Did the zero-day vulnerability issue in log4j also impact slf4j logs?

CodePudding user response:

It depends. SLF4J is just an API that can be using any of its implementations behind it, log4j being just one. Check which one it is using on the back end, and if it is log4j at a version prior to 2.15.0 (the one with the fix), you should update it (if it is exposed to users directly or indirectly).

CodePudding user response:

Depends on the underlying implementation of SLF4J. log4j 1.x is safe with respect to CVE-2021-44228. Thus, if your SLF4J provider/binding is slf4j-log4j12.jar, you are safe regarding CVE-2021-44228.

If you are using log4j-over-slf4j.jar in conjunction with the SLF4J API, you are safe unless the underlying implementation is log4j 2.x.

Check this - http://slf4j.org/log4shell.html
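A sketch of the check both answers describe, as an added example that is not part of either answer: it classifies a listing of jar file names by SLF4J binding and flags a log4j-core version prior to 2.15.0. The artifact names are the real Maven artifact names; the function names and the sample listings are constructed for illustration.

```python
import re

FIXED = (2, 15, 0)  # release the first answer names as carrying the fix
# SLF4J provider/binding artifact -> logging backend it routes to
BINDINGS = {
    "slf4j-log4j12": "log4j 1.x",
    "log4j-slf4j-impl": "log4j 2.x",
    "logback-classic": "logback",
    "slf4j-simple": "slf4j-simple",
    "slf4j-jdk14": "java.util.logging",
}
JAR = re.compile(r"^([A-Za-z0-9_.\-]+?)-(\d+(?:\.\d+)*)(?:[-.][A-Za-z0-9]+)*\.jar$")

def parse_jar(name):
    """'log4j-core-2.14.1.jar' -> ('log4j-core', (2, 14, 1)); None if unparseable."""
    m = JAR.match(name)
    if not m:
        return None
    version = tuple(int(p) for p in m.group(2).split("."))
    return m.group(1), version + (0,) * (3 - len(version))

def assess(jar_names):
    """Classify a lib directory listing by SLF4J backend and log4j-core version."""
    jars = dict(p for p in map(parse_jar, jar_names) if p)
    backends = sorted(BINDINGS[a] for a in jars if a in BINDINGS)
    core = jars.get("log4j-core")  # the log4j 2.x implementation jar
    core_below_fix = core is not None and core < FIXED
    return {
        "backends": backends,
        "log4j_core": core,
        "core_below_fix": core_below_fix,
        # SLF4J output reaches an unfixed log4j 2.x only through the 2.x binding
        "slf4j_needs_update": "log4j 2.x" in backends and core_below_fix,
    }

# Constructed directory listings (file names are sample data, not from the page)
SAMPLE_LOG4J1 = ["slf4j-api-1.7.32.jar", "slf4j-log4j12-1.7.32.jar", "log4j-1.2.17.jar"]
SAMPLE_LOG4J2 = ["slf4j-api-1.7.32.jar", "log4j-slf4j-impl-2.14.1.jar",
                 "log4j-api-2.14.1.jar", "log4j-core-2.14.1.jar"]
SAMPLE_BRIDGE = ["slf4j-api-1.7.32.jar", "log4j-over-slf4j-1.7.32.jar",
                 "logback-classic-1.2.3.jar"]

if __name__ == "__main__":
    for lib in (SAMPLE_LOG4J1, SAMPLE_LOG4J2, SAMPLE_BRIDGE):
        print(assess(lib))
```

This works from file names only, so a fat or shaded jar that bundles log4j-core under another name is not detected and needs its contents inspected.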
