Page tree

Am I exposing myself to a log4j[1] vulnerability by installing WIPO Sequence?

In short, no. 

According to the Spring Boot documentation, only applications using log4j-core and including input in log messages are vulnerable and as the WIPO sequence validator uses only the log4j-to-slf4j and the log4j-api and both cannot be exploited on their own.  As such, the WIPO Sequence is not affected by this vulnerability.

[1] https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot