Todd1561
(Todd Nelson)
December 14, 2021, 7:26pm
1
I haven’t seen any statement from Synthing on the vulnerability. Is Syncthing susceptible to the log4j flaw? Specifically the relay server software as that’s what I run.
https://www.reddit.com/r/msp/comments/rdba36/critical_rce_vulnerability_is_affecting_java/
acolomb
(André Colomb)
December 14, 2021, 7:50pm
2
Syncthing itself and the relay server are written in Go language. They don’t use log4j at all, which is a Java library.
(Faster than @Nummer378 by a single second )
3 Likes
Log4j is a Java library. Syncthing and its components are written in Go, a different programming language.
(@acolomb was faster than me )
2 Likes
Todd1561
(Todd Nelson)
December 14, 2021, 8:01pm
4
Ha OK thanks guys, glad to hear it.
1 Like
The Android app (which actually is written in Java) is not using it as well: Search · log4j · GitHub