What is the current version of log4j-nosql and is it save?

Question

For obvious reasons I am trying to update log4j to version 2.15.

However the submodule log4j-nosql seems to be discontinued after 2.9.1: https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-nosql/

Is updating this submodule necessary? Which submodule contains the exploit?

Answer

I see no evidence that it’s “discontinued”, it’s just effectively feature-complete. They haven’t needed to update it, so they haven’t updated it.

Is updating this submodule necessary?

No. There hasn’t even been a release of this since 2017, so there’s nothing to update it to.

Which submodule contains the exploit?

log4j-core

Accepted Answer

I see no evidence that it&#8217;s &#8220;discontinued&#8221;, it&#8217;s just effectively feature-complete. They haven&#8217;t needed to update it, so they haven&#8217;t updated it.Is updating this submodule necessary?No. There hasn&#8217;t even been a release of this since 2017, so there&#8217;s nothing to update it to.Which submodule contains the exploit?log4j-core

Advertisement

Answer