Log4Shell zero-day vulnerability in Log4j

5 个月 前
Customers would like an official statement from nopCommerce about Log4Shell (https://en.wikipedia.org/wiki/Log4Shell)  Are nopCommerce sites vulnerable to this?
5 个月 前
So this vulnerability does not affect nopCommerce because we don't use Log4j
5 个月 前
Log4j aka Log4Shell is a java logging library so nopCommerce doesn't use it.  Btw, There's a port for .Net also which is named log4net. If you manually changed the default logger to this one there could be security cautions !
5 个月 前
kazirahiv wrote:
... log4net. If you manually changed the default logger to this one there could be security cautions !

Log4Net is not affected, according to several posts elsewhere.  E.g.
https://stackoverflow.com/questions/70337145/does-log4j-security-violation-vulnerability-affect-log4net