Moderator
Yui
(@fierevere)
永子
No, as with any other plugin and WordPress itself.
WordPress, plugins and themes are using PHP as server side language.
log4j is a component for Java servlets. Its another programming language and it is not used in WordPress ecosystem (except maybe some very exotic integration plugins that word together with PHP and Java, but its very unlikely case)
PS: Related to that Java file, Yes, it is for Java, but its not used, its 3rd party component, used for CSS optimization which comes for Java and for PHP.
Plugin is using PHP file. That .java is not executed and is just eating space on your host disk.
Perfect. That’s what I figured but I just wanted to double check as I have very little experience with Java.
Thanks again!
@fierevere @audrasjb
Do you think we can have a kind of official statement or blog post (placed on a prominent spot on wordpress.org) that confirms that WordPress is NOT affected by Log4j?
This might help to avoid lots of questions and mails 😉
Hello,
I checked with the security team and as for now, it doesn’t appear we have a strong need to communicate about this security issue since it doesn’t affect WordPress. Also, when we checked few hours earlier, there weren’t much support threads about this in the 3 previous days. A communication about this may lead to more questions and concern than not.
Thank you for pointing this out @fierevere @chrisweblocal @pixelverbieger 🙂
-
This reply was modified 1 year, 11 months ago by
Jb Audras.
It wouldn’t hurt to do it anyway, though, would it?
The w.org forums are not the only place where questions come up.
Assume that my 100+ customers don’t ask here, but contact *me* and ask for a confirmation. This could easily be provided by w.org, so that not only the security team knows that we do NOT have a problem …
+1 @pixelverbieger
It should be a no-brainer that if there is a security breach of such magnitude, there will be a statement from every software vendor. Including WordPress. There are so many people who are not deeply involved in the subject of web development. For them, such a statement is important.
An official statement/post about this security breach would be helpful.
