From 92f65882b2edc3db4b44cfe736532e8cd7ffbb1e Mon Sep 17 00:00:00 2001 From: Ozzie Isaacs Date: Thu, 16 Dec 2021 06:21:16 +0100 Subject: [PATCH] Added log4j statement --- SECURITY.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index a7113785..bbaad7c4 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -27,3 +27,6 @@ To receive fixes for security vulnerabilities it is required to always upgrade t | V 0.6.14|Cross-Site Scripting vulnerability on typeahead inputs. Thanks to @notdodo|| +## Staement regarding Log4j (CVE-2021-44228 and related) + +Calibre-web is not affected by bugs related to Log4j. Calibre-Web is a python program, therefore not using Java, and not using the Java logging feature log4j.