1

Since the python logging package is based on PEP 282 and influenced by Apache's log4j system, does this package is impacted by the recent log4j vulnerabilities?

My knowledge of this particular module is limited so I'm hoping somebody here is a bit more familiar.

Billie
  • 35
  • 8
  • 1
    Doesnt look like it: [link](https://dev.arie.bovenberg.net/blog/is-your-python-code-vulnerable-to-log-injection/) but i advice to confirm this by looking up additional resources, shouldnt be hard to find. – Tommi Jan 18 '22 at 12:27

1 Answers1

8

It's not affected (disclosure: I'm the maintainer of Python logging), because Python logging is not a direct port of log4j, just influenced by it (in part). There are no equivalents in Python logging to the JNDI functionality built into log4j, that led to the vulnerabilities in it.

Vinay Sajip
  • 95,872
  • 14
  • 179
  • 191