Which versions of riemann, if any, are susceptible to log4shell (log4j vulnerability)?

Question

Which versions of riemann, if any, are susceptible to log4shell (log4j vulnerability)?

ahungry opened this issue 2 years ago · 1 comments

Which versions of riemann may be impacted? For instance, riemann-0.3.1 uses slf4j-over-log4j, which the linked page notes could be exposed to the log4shell issue.

Answer 1 · 2021-12-13T21:39:18.000Z

Thanks for reaching out. Riemann is not vulnerable - we use Logback as the backend to slf4j - which isn't vulnerable to the issue.