![]() ![]() But basically, an application that uses log4j is running and allows end user input to be logged. I'll point to the Apache's website which describes it. Log4J Vulnerability is explained several places The package I examined was apache-groovy-sdk-3.0.9.zip downloaded from this page Groovy website page. This is how I came up with my conclusion that Groovy does not have the log4j vulnerability. It is not a server side application, and has no background processes listening for incoming requests. Groovy is basically a compiler that converts Groovy or Java code into JVM code.Two wrapper files that likely delegate to whatever version of log4j the user has selected.the Groovy command (in Linux) is a shell script, so no Log4J there.My research says no it is not affected because of the following: ![]() OS: LinuxĪ simple search on the internet and stackoverflow did not find the answer. I have version 3.0.7 based on groovy -version command which gives this output: Groovy Version: 3.0.7 JVM: 17.0.1 Vendor: Red Hat, Inc. I'm using Groovy and was asked if Groovy (version 3) has the Log4J vulnerabilty, and I said I would check. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |