#security Information regarding the CVE-2021-4428 - log4j RCE vulnerability and Project Harbor #security


Vadim Bauer
 

Hello Harbor Users,

since the publication of the Apache log4j Vulnerability CVE-2021-44228 on Dec. 9, 2021 the Harbor community receives frequent questions on the effects of the vulnerability to project Harbor.

Details

Project Harbor is built with Golang, and is not running or using the JVM. Nor does project Harbor use any Java library, including log4j.  
This also applies to any subsystem and auxiliary services that belong to project Harbor and the Harbor Software stack.

Impact

None


sincerely


Vadim Bauer
Project Harbor Maintainer

Join harbor-users@lists.cncf.io to automatically receive all group messages.