Skip to content
Advertisement

What is the current version of log4j-nosql and is it save?

For obvious reasons I am trying to update log4j to version 2.15.

However the submodule log4j-nosql seems to be discontinued after 2.9.1: https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-nosql/

Is updating this submodule necessary? Which submodule contains the exploit?

Advertisement

Answer

I see no evidence that it’s “discontinued”, it’s just effectively feature-complete. They haven’t needed to update it, so they haven’t updated it.

Is updating this submodule necessary?

No. There hasn’t even been a release of this since 2017, so there’s nothing to update it to.

Which submodule contains the exploit?

log4j-core

User contributions licensed under: CC BY-SA
4 People found this is helpful
Advertisement