Post AEKsNQhEKYZAtsPHCS by Aloe@mstdn.social
(DIR) Post #AEKruQIEkaEZFgsvcO by snikket_im@fosstodon.org
2021-12-12T18:10:13Z
1 likes, 4 repeats
A few people have asked privately so it's probably worth publicly reassuring: Snikket (and the software it builds upon, including Prosody) is *not* affected by the recent log4j vulnerability (CVE-2021-44228), so whether you use a hosted or self-hosted instance, this is one less service to worry about! ✔️
(DIR) Post #AEKsNQhEKYZAtsPHCS by Aloe@mstdn.social
2021-12-12T18:15:07Z
0 likes, 0 repeats
@snikket_im What do you think about @matrix
(DIR) Post #AEKsnff1JeX8qAsz8i by mattj@mastodon.technology
2021-12-12T18:20:09Z
0 likes, 2 repeats
@snikket_im Also worth noting about other #XMPP software:
- Jitsi Meet does use log4j in some components. Though it appears it probably wasn't vulnerable, the team have published a new release and it is definitely sensible to upgrade!
- Openfire was vulnerable and they have published a new release to which everyone should upgrade: https://discourse.igniterealtime.org/t/openfire-4-6-5-released/91108 (a workaround is also detailed)
- Tigase is another notable server written in Java, but it does not use log4j, so is not affected.