[texworks] Log4J vulnerability

Stefan Löffler st.loeffler at gmail.com
Thu Dec 16 16:04:23 CET 2021


Dear Ms. Sylvester,

On 14.12.21 18:28, Sylvester, Donna wrote:
>
> Dear TUG folks,
>
>
> Seattle University is looking into risk exposure regarding the Log4J 
> vulnerability.  As such, we are reaching out to all our software 
> vendors to determine which products are vulnerable and which are not.
>
> Please answer the following questions related to TeXworks.
>
> 1.      Is the application vulnerable to the Log4J vulnerability?
>

TeXworks is written in C++, not in Java, so it does not use Log4J.

It does use other libraries, such as Qt, poppler, and hunspell, which to 
my knowledge are not written in Java either, but those are maintained by 
their separate development teams.

> 2.      If it is vulnerable:
>
> a. Is there a patch available to remedy the vulnerability?
>
> b.      Do you have a work-around that we can apply?
>
> c.      If there isn't a patch available, when can we expect a patch 
> to be released?
>

Not applicable.

> 3. Is there a web page with Log4J status? If so, please provide the link.
>

No.

Best regards,
Stefan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://tug.org/pipermail/texworks/attachments/20211216/f3161cfe/attachment.html>


More information about the texworks mailing list.