Log4j Vulnerability

Is OpenEMR using Log4j anywhere?

As far as I know nothing in the OpenEMR codebase uses Log4j. For those hosting in the cloud on Amazon, several of the AWS services had vulnerabilities and Amazon is in the process of fixing those. S3 has been patched and the database services for Aurora and RDS are in the process of being patched.

I’ve been following this handy reference to check what software I use against any posted vulnerabilities. log4shell/software at main · NCSC-NL/log4shell · GitHub


Thank you for sharing this!