Log4j vulnerability CVE-2021-44228
A critical security vulnerability has been identified in the Log4j library. This vulnerability is identified as CVE-2021-44228.
Log4j in MiKTeX code
MiKTeX code is written in C/C++, not in Java, so it does not use Log4j.
Log4j in MiKTeX infrastructure
The MiKTeX infrastructure (miktex.org, api2.miktex.org) is not affected.
Log4j in packages
Some packages (installed by the MiKTeX package manager) provide code written in Java. This code might vulnerable:
- albatross
- bib2gls
- convertgls2bib
- texparserlib
- arara
- latex2nemeth
- texplate
- texosquery
- texosquery-jre5
- texosquery-jre8
- cindy2
- commons-math
- KetCindyPlugin
- BMEditor
- pax
- tex4ht
- pp4p