Vulnerability in Apache Log4j Library

Hi, could someone give a clarification if the Apache Log4j Library is used in some of the underlying components in Meteor framwork? As probably most people knows by now, this is a widely exploited vulnerability (CVE-2021-44228), which should be urgently fixed.

1 Like

Log4j isn’t in Meteor. You can check any repo by searching in github for the string log4j