A vulnerability in log4j has been reported, e.g. GitHub - NCSC-NL/log4shell: Operational information regarding the vulnerability in the Log4j logging library., which is currently being exploited.
We found it is also present in Shiny, e.g. within /shiny-server/node_modules/log4js
Does this represent a potential security risk for the server hosting our Shiny applications? Is there a way to address this ?
Thanks,
Coen
Hi Coen,
Thank you for asking this question and bringing attention to the matter on our community forum!
RStudio has confirmed that CVE-2021-44228 (Log4j vulnerability) is not present in the currently supported versions of RStudio Professional software applications. For a list of our currently supported versions of RStudio Professional software applications, please see RStudio Support - RStudio.
In regards to
We found it is also present in Shiny, e.g. within /shiny-server/node_modules/log4js
Log4j is a logging framework for Java, where as Log4js is a logging framework for JavaScript. As far as I'm aware Log4js does not have the security vulnerability that Log4j does.
Hope this helps ease any concerns you may have!
-Kyle