+++ This bug was initially created as a clone of Bug #449822 +++ SUMMARY Our IT dept was not fully satisfied with the answer given on Bug#449822 . According to them there is a risk that Java is used embedded in other programming languages and therefore a possiblilty that Log4j is used somewhere embedded in the programming language used for Kdenlive. They would like to get a statement that "Kdenlive version 21.04.3 is NOT affected by vurnerabilities in Log4j (CVE-2021-44228)". Can you confirm this statement? SOFTWARE/OS VERSIONS Windows: 10 (Version 10.0.18363.2037)
I confirm: "Kdenlive version 21.04.3 is NOT affected by vulnerability in Log4j (CVE-2021-44228)" You can scan the archives we provide (windows/mac builds, linux appimage/flatpak): we don't have any link with Java.