Bug 450294

Summary: Vulnerability to CVE-2021-44228 in Apache Log4j framework
Product: [Applications] kdenlive Reporter: Danny Z <danny.zwaard>
Component: Setup & Installation Assignee: Vincent PINON <vpinon>
Status: CLOSED FIXED    
Severity: normal CC: fritzibaby, vpinon
Priority: NOR    
Version First Reported In: 21.04.3   
Target Milestone: ---   
Platform: Microsoft Windows   
OS: Microsoft Windows   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:
Bug Depends on: 449822    
Bug Blocks:    

Description Danny Z 2022-02-15 09:03:13 UTC
+++ This bug was initially created as a clone of Bug #449822 +++

SUMMARY
Our IT dept was not fully satisfied with the answer given on Bug #449822. According to them there is a risk that Java is used embedded in other programming languages and therefore a possibility that Log4j is used somewhere embedded in the programming language used for Kdenlive.
They would like to get a statement that "Kdenlive version 21.04.3 is NOT affected by vulnerabilities in Log4j (CVE-2021-44228)".
Can you confirm this statement?

SOFTWARE/OS VERSIONS
Windows: 10 (Version 10.0.18363.2037)

Comment 1 Vincent PINON 2022-02-15 09:31:56 UTC
I confirm: "Kdenlive version 21.04.3 is NOT affected by vulnerability in Log4j (CVE-2021-44228)"
You can scan the archives we provide (windows/mac builds, linux appimage/flatpak): we don't have any link with Java.
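
One way to carry out the archive scan suggested in Comment 1, as an added example that is not part of the original bug report or of the Kdenlive project. It assumes the downloaded build has already been unpacked into a directory (installers and AppImage/flatpak containers need their own tools first) and only looks inside zip-format archives; the function names and finding labels are hypothetical.

```python
import io
import os
import sys
import zipfile

# Log4j 2's JNDI lookup class: its presence marks a bundled log4j-core copy
# (any version), which then needs a version check.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
JAVA_EXTS = (".jar", ".war", ".ear", ".class")
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")

def classify(path):
    """Return a one-item finding list for a Java-related path, else an empty list."""
    if path.endswith(JNDI_LOOKUP):
        return [("log4j-jndilookup", path)]
    return [("java-artifact", path)] if path.lower().endswith(JAVA_EXTS) else []

def scan_zip(data, label, depth=0, max_depth=5):
    """Scan one zip-format archive held in memory, recursing into nested archives."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip despite its extension
    with zf:
        for info in zf.infolist():
            where = f"{label}!{info.filename}"
            findings += classify(where)
            if info.filename.lower().endswith(ARCHIVE_EXTS) and depth < max_depth:
                findings += scan_zip(zf.read(info), where, depth + 1, max_depth)
    return findings

def scan_tree(root):
    """Walk an unpacked build directory and collect (kind, location) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            findings += classify(rel)
            if zipfile.is_zipfile(path):
                with open(path, "rb") as fh:
                    findings += scan_zip(fh.read(), rel)
    return findings

if __name__ == "__main__":
    for kind, where in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(kind, where)
```

Run it with the unpacked build directory as the only argument; no output means no Java artifacts were found in the tree or in any zip-format archive inside it.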