Hello Harbor Users,

since the publication of the Apache log4j Vulnerability CVE-2021-44228 on Dec. 9, 2021 the Harbor community receives frequent questions on the effects of the vulnerability to project Harbor.

Details

Project Harbor is built with Golang, and is not running or using the JVM. Nor does project Harbor use any Java library, including log4j.  
This also applies to any subsystem and auxiliary services that belong to project Harbor and the Harbor Software stack.

Impact

None


sincerely

Vadim Bauer
Project Harbor Maintainer