A few people have asked privately so it's probably worth publicly reassuring:

Snikket (and the software it builds upon, including Prosody) is *not* affected by the recent log4j vulnerability (CVE-2021-44228), so whether you use a hosted or self-hosted instance, this is one less service to worry about! ✔️

Follow

@snikket_im
Also worth noting about other software:

- Jitsi Meet does use log4j in some components. Though it appears it probably wasn't vulnerable, the team have published a new release and it is definitely sensible to upgrade!

- Openfire was vulnerable and they have published a new release to which everyone should upgrade: discourse.igniterealtime.org/t (a workaround is also detailed)

- Tigase is another notable server written in Java, but it does not use log4j, so is not affected.

Sign in to participate in the conversation
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!