Log4J Library Version Upgrade for Security Reasons

Posted: 28 Oct 2025, 06:47
by pogospike
Hi, our security team has flagged that the log4j library version that is bundled with Smartfox needs to be updated because of vulnerabilities and because it is end of life. Is there any plan to update the version of the library?

https://nvd.nist.gov/vuln/detail/CVE-2022-23302

Thanks!

Re: Log4J Library Version Upgrade for Security Reasons

Posted: 28 Oct 2025, 07:23
by Lapo
Hi,
the vulnerability linked here refers to a specific component (JMSSink) which is not configured or activated by SmartFoxServer, therefore it has no impact on SmartFoxServer's security.

Cheers
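
Added example, not part of the thread and not SmartFoxServer code: a Python inventory check that reports where the `JMSSink` class named in the reply above ships inside a deployment's archives, including jars nested in other archives. Whether the class is present is a separate question from whether it is configured or run. The sample archives and file names are constructed; the class path is the one Log4j 1.x uses for `org.apache.log4j.net.JMSSink`.

```python
import io
import zipfile

# Class named in the reply above; this is its path inside a Log4j 1.x jar.
JMSSINK_ENTRY = "org/apache/log4j/net/JMSSink.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def find_class(archive_bytes, entry=JMSSINK_ENTRY, origin="<archive>", depth=3):
    """Return 'outer!/inner' paths for every copy of `entry`, following nested archives.

    `depth` bounds recursion so a deeply nested archive cannot exhaust the scanner.
    """
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(archive_bytes))
    except zipfile.BadZipFile:
        return hits  # not an archive (or corrupt): nothing to report
    with zf:
        for name in zf.namelist():
            if name == entry:
                hits.append(f"{origin}!/{name}")
            elif depth > 0 and name.lower().endswith(ARCHIVE_SUFFIXES):
                hits += find_class(zf.read(name), entry, f"{origin}!/{name}", depth - 1)
    return hits


def make_zip(entries):
    """Build an in-memory archive from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: hypothetical file names, placeholder class bytes.
SAMPLE_LOG4J = make_zip({JMSSINK_ENTRY: b"\xca\xfe\xba\xbe",
                         "org/apache/log4j/Logger.class": b"\xca\xfe\xba\xbe"})
SAMPLE_STRIPPED = make_zip({"org/apache/log4j/Logger.class": b"\xca\xfe\xba\xbe"})
SAMPLE_BUNDLE = make_zip({"lib/log4j-sample.jar": SAMPLE_LOG4J,
                          "lib/other.jar": SAMPLE_STRIPPED})

if __name__ == "__main__":
    for label, blob in [("bundle.zip", SAMPLE_BUNDLE), ("stripped.jar", SAMPLE_STRIPPED)]:
        print(label, find_class(blob, origin=label) or "JMSSink class not present")
```

To scan a real file, pass `pathlib.Path(path).read_bytes()` as `archive_bytes` and the path as `origin`.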

Re: Log4J Library Version Upgrade for Security Reasons

Posted: 28 Oct 2025, 09:48
by pogospike
Okay, thanks for the reply!

But is there a plan to upgrade the library, as it is pretty old now and end of life?

Re: Log4J Library Version Upgrade for Security Reasons

Posted: 29 Oct 2025, 10:42
by Lapo
Not at the moment.

Cheers