Clarification about Log4J vulnerability

The public knowledge pool and discussion forum of the OWS community. Do not post confidential information here!
Janak Mulani
Posts: 300
Joined: 24 Mar 2020, 13:37

Clarification about Log4J vulnerability

Post by Janak Mulani »

In order to avoid a possible conflict between OWS and the actual JNLP applications, both icedtea-web and OpenWebStart dispense with as many dependencies as possible. Therefore, OWS uses its own logging framework which is not affected by the Log4Shell exploit.

The code for logging in OWS can be viewed here:
https://github.com/AdoptOpenJDK/IcedTea ... eb/logging