Log4Shell zero-day vulnerability in Log4j

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.

Total Posts: 4
Karma: 20
Joined: 8/2/2016
Location: United States

Posted: 2 years ago

Customers would like an official statement from nopCommerce about Log4Shell (https://en.wikipedia.org/wiki/Log4Shell) Are nopCommerce sites vulnerable to this?

a.m.

Team Member

Total Posts: 16612
Karma: 155815
Joined: 10/22/2008
Location: Armenia

Posted: 2 years ago

So this vulnerability does not affect nopCommerce because we don't use Log4j

kazirahiv

Certified Developer

Total Posts: 57
Karma: 517
Joined: 6/17/2020
Location: Bangladesh

Posted: 2 years ago

Log4j aka Log4Shell is a java logging library so nopCommerce doesn't use it. Btw, There's a port for .Net also which is named log4net. If you manually changed the default logger to this one there could be security cautions !

New York

MVP

Total Posts: 11325
Karma: 100987
Joined: 5/22/2011
Location: United States

Posted: 2 years ago

kazirahiv wrote:

... log4net. If you manually changed the default logger to this one there could be security cautions !

Log4Net is not affected, according to several posts elsewhere. E.g.
https://stackoverflow.com/questions/70337145/does-log4j-security-violation-vulnerability-affect-log4net

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.

Still have questions or need help?

. Premium support services . Get dedicated support from the nopCommerce team with a guaranteed response within 24 hours.

. Online course for developers . Get the practical and technical skills you need to run and customize nopCommerce websites.