PSA: The Engine Server Does NOT Use Log4j (OEngine Server) [Revelation On-Line Wiki]

OEngine Server, bshumsky, Matthew Crozier

Join The Works program to have access to the most current content, and to be able to ask questions and get answers from Revelation staff and the Revelation community

At 13 DEC 2021 07:45:51AM bshumsky wrote:

Hi, everyone.

As you may have seen in the news, a new vulnerability was recently discovered/announced in java's log4j logging library. This is a very popular library, and so a lot of companies were/are affected.

However, Revelation Software's engine server (which is written in java) does NOT use the log4j logging library, and so it does not appear to be vulnerable to this new exploit. The telnet server (also written in java) includes the log4j library in its "classpath", but does not actually use any of the logging functionality, and so also appears to be safe.

Please feel free to let us know if you have any questions about this issue.

Regards,

- Bryan Shumsky

Revelation Software, Inc.