FAQ Entry

Entry #504: Apache Log4j Vulnerability (December 2021)

Question
Apache Log4j Vulnerability (December 2021)
Answer
You may have seen recent reports of a security vulnerability in the Apache log4j open source library. Details of this issue can be found on the NIST website (https://nvd.nist.gov/vuln/detail/CVE-2021-44228). This vulnerability was introduced in log4j version 2.0 and is mitigated in version 2.15.

We are reaching out to let you know that Sightline EDM does use the log4j library. However, we do not use any of the versions that contain this security issue.

We are currently testing log4j version 2.15.0, which mitigates the JNDI LDAP vulnerability by disabling this behavior in the default configuration. Log4j 2.15.0 will be included in the next release of EDM (version 5.16.4). We expect EDM 5.16.4 to be available in February.