Security log4j

Forums: 

Does anyone know if there is an issue with log4j in h5p? I am not a developer, we use the h5p plugin in the ILIAS LMS...
Is that still safe?

BV52's picture

Hi MacHoff,

We have kept an eye on CVE-2021-44228 since it was announced on Friday.

None of the software developed by Joubel is Java-based, so neither h5p.com nor h5p.org should be affected by this vulnerability. Nevertheless, to be absolutely sure, investigations have been performed by a security engineer.

Luckily, We have not found anything indicating we should be affected by CVE-2021-44228.

-BV