We are using aspose bundle and it contains log4J1.2.5 version… As part of recent vulnerability, we would like to upgrade to 2.17.x version. Please let me know latest asposebundle with log4j version information.
Are you talking about this vulnerability?
Please note, Aspose.Total for Java APIs do not use your mentioned vulnerability or other similar vulnerabilities. Aspose for Java APIs are not effected by it. Log4J is not used nor logged in Aspose.Total for Java APIs. Moreover, we recommend using the latest versions of the Aspose for Java APIs. If you find any issue regarding this or other vulnerabilities in Aspose for Java APIs, let us know with complete details and we will check the issue immediately.
By the way, Could you please provide more details on the Aspose APIs, including the specific versions, that you have identified as having a log4J vulnerability?
We are using Aspose.Pdf for Java and it contains Log4j 1.X version. As part of recent vulnerability, we should use log4J 2.x version. Could you please suggest latest version of this product to fix this vulnerability.
Thanks for providing further details.
I am moving your thread to respective forum where one of our colleagues from Aspose.PDF will assist you accordingly.
The Apache Log4j library is not used in Aspose.PDF for Java (Latest Version). Please try to use 24.8 version of the API and if you face any issues, please let us know.
Please find the previous Quote Number - #0222729137 for Aspose and getting log4J vulnerability. Please let me know the latest version to fix this log4J vulnerability.
Are you talking about Aspose.PDF for Java API? As shared earlier, Aspose.PDF for Java does not use log4J library. Can you please make sure that you are using the latest version of the API?