Log4j CVE (non)-impact

Peter Schober peter.schober at univie.ac.at
Sun Dec 12 20:12:38 UTC 2021

* Pavel Šipoš <pavel.sipos at arnes.si> [2021-12-12 14:04]:
> Is the Shibboleth SP (3.2.3 or older) safe from log4j exploit too?

The log4cpp (and log4shib) config may be inspired (or outright copied)
from log4j but the implementation is different.
And the Shib SP hasn't been rewritten in Java, just yet.


More information about the users mailing list