Update SECURITY.md

This commit is contained in:
Ozzie Isaacs 2022-03-19 18:01:51 +01:00 committed by GitHub
parent 034ab73ccc
commit 39459603d4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -36,6 +36,6 @@ To receive fixes for security vulnerabilities it is required to always upgrade t
| V 0.6.17 | The SSRF Protection can no longer be bypassed via 0.0.0.0 and it's ipv6 equivalent. Thanks to @r0hanSH ||
## Staement regarding Log4j (CVE-2021-44228 and related)
## Statement regarding Log4j (CVE-2021-44228 and related)
Calibre-web is not affected by bugs related to Log4j. Calibre-Web is a python program, therefore not using Java, and not using the Java logging feature log4j.