#security Information regarding the CVE-2021-4428 - log4j RCE vulnerability and Project Harbor #security

Vadim Bauer

Hello Harbor Users,

since the publication of the Apache log4j Vulnerability CVE-2021-44228 on Dec. 9, 2021 the Harbor community receives frequent questions on the effects of the vulnerability to project Harbor.


Project Harbor is built with Golang, and is not running or using the JVM. Nor does project Harbor use any Java library, including log4j.  
This also applies to any subsystem and auxiliary services that belong to project Harbor and the Harbor Software stack.




Vadim Bauer
Project Harbor Maintainer

Join {harbor-users@lists.cncf.io to automatically receive all group messages.