We're sorry Aspose doesn't work properply without JavaScript enabled.

Free Support Forum - aspose.com

Log4j critical vulnerability CVE-2021-44228 in Aspose.HTML

2021-12-13_12-29-39.png (11.6 KB)

Hi @Amjad_Sahi, thank you for your response. I was doing a binary file search in eclipse and noticed that the aspose-html-18.5.jar may have had some sort of reference to log4j (screenshot included in this message). Curious if you have any idea what that is from?

Thanks in Advance,
Brandon Brown


As we recommend using latest version of the APIs, so could you please try our latest version of Aspose.HTML for Java and let us know your feedback.


I included the latest 21.6 aspose.html jar file and re-ran the search and it still seems to be picking up on some sort of log4j referenceaspose.png (21.3 KB)


Thanks for sharing the screenshot.

We will evaluate it and get back to you soon.

@Amjad_Sahi Thank you. Looking forward to your response.


Please note that Aspose.HTML for Java 21.11 does not use Log4j library. It was only meant to hide the obfuscation. However, it was never used in the API as it is only a transitive dependency.