NunoSempere/calibre-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added log4j statement

Browse Source
This commit is contained in:
Ozzie Isaacs 2021-12-16 06:21:16 +01:00 committed by GitHub
parent f0399d04b7
commit 92f65882b2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
SECURITY.md
View File

@ -27,3 +27,6 @@ To receive fixes for security vulnerabilities it is required to always upgrade t
| V 0.6.14|Cross-Site Scripting vulnerability on typeahead inputs. Thanks to @notdodo||
## Staement regarding Log4j (CVE-2021-44228 and related)
Calibre-web is not affected by bugs related to Log4j. Calibre-Web is a python program, therefore not using Java, and not using the Java logging feature log4j.