3Liz

Open your GIS

State of the Log4j security issue and the Lizmap project

Mon 20 December 2021

fr, en

State of the Log4j security issue and the Lizmap project

Last Friday 10th December, a security issue has been discovered in Apache Log4j. It has been quickly declared as critical. Many software programs suffered from this issue.

Lizmap is unaffected by the Log4j security issue. It is built with PHP and Javascript using the Jelix framework[1]. Our backend is based on PostgreSQL[2] and QGIS[3]. Both of these projects are build in C/C++ and are unaffected by Log4j's exploit.

Log4j is a JAVA based library that is not used in any of our products (Lizmap modules, QGIS plugins and of course Lizmap or any side projects).

So the security issue is not affecting the Lizmap project.

For information, we have published on this topic last week on the Lizmap mailing list.

The 3Liz team

  1. https://jelix.org
  2. https://www.qgis.org
  3. https://www.postgresql.org