Vulnerable to log4j flaw?

I haven’t seen any statement from Synthing on the vulnerability. Is Syncthing susceptible to the log4j flaw? Specifically the relay server software as that’s what I run.

https://www.reddit.com/r/msp/comments/rdba36/critical_rce_vulnerability_is_affecting_java/

Syncthing itself and the relay server are written in Go language. They don’t use log4j at all, which is a Java library.

(Faster than @Nummer378 by a single second :smiley: )

3 Likes

Log4j is a Java library. Syncthing and its components are written in Go, a different programming language.

(@acolomb was faster than me :grinning:)

2 Likes

Ha OK thanks guys, glad to hear it.

1 Like

The Android app (which actually is written in Java) is not using it as well: Search · log4j · GitHub