Current Entries | Archives   RSS


Visual Lint and log4j (TL;DR: we don't use it)

Thursday 16th December, 2021

A good question from a customer given a bunch of headlines about security holes in the log4j logging library:

Triggered by the recent log4j vulnerability our organisation is asking all our software vendors if their software is affected by it - and if so by when a patch will be provided. May I ask for your confirmation that Visual Lint is not affected by this exploit?

I suppose that Visual Lint is Java free and thus has no problem with it. Thanks a lot for your answer!

Hopefully our answer will prove reassuring:

Visual Lint is written almost entirely in native C++ (more specifically, it's written in C++ 14). There is only one Java project in the entire codebase - the project which implements the Eclipse plugin (to our knowledge, Eclipse plugins can only be implemented in Java).

However, that project is just a thin Java wrapper around a native DLL - and it doesn't use log4j at all.

So, you're correct. Visual Lint (and indeed all our products and infrastructure) are 100% log4j free.

So your organisation can rest easy in this case.

Posted by annajayne at 8:40pm | Get Permalink