Just checking whether we should be waiting for an update…
Hi,
No, ELAN is not affected by the Log4Shell vulnerability.
ELAN 6.2 and 6.1 don’t contain a log4j library at all, earlier versions of ELAN included an older version, log4j 1.x (only used for one particular search function).
The Log4Shell vulnerability concerns log4j2 versions; log4j2 is fundamentally different from log4j and has never been part of an ELAN distribution. Therefore there is no need to wait for an update of ELAN.
-Han
1 Like