Bug 450294 - Vulnerability to CVE-2021-44228 in Apache Log4j framework
Summary: Vulnerability to CVE-2021-44228 in Apache Log4j framework
Status: CLOSED FIXED
Alias: None
Product: kdenlive
Classification: Applications
Component: Installation
Version: 21.04.3
Platform: Microsoft Windows Microsoft Windows
Importance: NOR normal
Target Milestone: ---
Assignee: Vincent PINON
Depends on: 449822
Reported: 2022-02-15 09:03 UTC by Danny Z
Modified: 2022-02-23 15:51 UTC

Description Danny Z 2022-02-15 09:03:13 UTC
+++ This bug was initially created as a clone of Bug #449822 +++

SUMMARY
Our IT dept was not fully satisfied with the answer given on Bug #449822. According to them there is a risk that Java is used embedded in other programming languages and therefore a possibility that Log4j is used somewhere embedded in the programming language used for Kdenlive.
They would like to get a statement that "Kdenlive version 21.04.3 is NOT affected by vulnerabilities in Log4j (CVE-2021-44228)".
Can you confirm this statement?

SOFTWARE/OS VERSIONS
Windows: 10 (Version 10.0.18363.2037)
Comment 1 Vincent PINON 2022-02-15 09:31:56 UTC
I confirm: "Kdenlive version 21.04.3 is NOT affected by vulnerability in Log4j (CVE-2021-44228)"
You can scan the archives we provide (Windows/Mac builds, Linux AppImage/Flatpak): we don't have any link with Java.
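
One way to carry out the archive scan suggested in Comment 1, as an added example that is not part of the bug thread or of Kdenlive's own tooling. It assumes the download is zip-format or has been repacked as zip after unpacking (installers, 7z and AppImage files must be unpacked first); the function names, finding labels and sample file names are hypothetical.

```python
import io
import zipfile

# Class implementing the JNDI lookup behind CVE-2021-44228 (ships in log4j-core 2.x).
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
JAVA_EXT = (".jar", ".war", ".ear")
MAX_DEPTH = 5                    # bound recursion into nested archives
MAX_MEMBER = 256 * 1024 * 1024   # skip oversized members (zip-bomb guard)


def scan_archive(data, origin="archive", depth=0):
    """Return sorted (kind, location) findings for Java/Log4j traces in zip-format bytes."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not zip-format: unpack it first, nothing to report here
    findings = set()
    with zf:
        for info in zf.infolist():
            lower = info.filename.lower()
            where = f"{origin}!{info.filename}"
            # endswith() also matches copies stored under a prefix directory
            if info.filename.endswith(JNDI_CLASS):
                findings.add(("jndi-lookup-class", where))
            if lower.endswith(JAVA_EXT):
                base = lower.rsplit("/", 1)[-1]
                kind = "log4j-archive" if "log4j" in base else "java-archive"
                findings.add((kind, where))
                # Descend into nested JAR/WAR/EAR files, within the limits above
                if depth < MAX_DEPTH and info.file_size <= MAX_MEMBER:
                    findings.update(scan_archive(zf.read(info), where, depth + 1))
    return sorted(findings)


def build_zip(members):
    """Constructed sample input: build an in-memory zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed bundle: one native binary plus a nested JAR holding the class
    inner = build_zip({JNDI_CLASS: b"\xca\xfe\xba\xbe"})
    bundle = build_zip({"bin/app.exe": b"MZ", "lib/log4j-core-sample.jar": inner})
    for kind, where in scan_archive(bundle, "bundle.zip"):
        print(kind, where)
```

An empty result means no JAR/WAR/EAR member and no `JndiLookup.class` entry was found in the zip-readable parts of the archive.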