In December 2021, a critical security vulnerability (CVE-2021-44228) was discovered in Apache Log4j.

After an internal audit, we confirm that ZK Framework and ZK Components are NOT using the affected Log4j versions and are thus NOT impacted by such vulnerability.

ZK Framework
Log4j is not being used.

ZK Addons
In our spreadsheet and pivot table products that depend on the zpoi library, a non-affected Log4j version (1.12.x) is being used. The said version does not contain any known security vulnerability.

While ZK does NOT use the affected Log4j, if you included or identified an affected Log4j in your projects, in most cases you can simply exclude it, or upgrade it to the suggested version. If you have any further questions on this, please contact us at [email protected].

If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.

Leave a Reply