Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)


Topic review


Log4j Vulnerability

Also looking for feedback on this. Thanks.

Seeking Details of log4j Vulnerability: CVE-2021-44228

Please post a statement clarifying any exposure for WinSCP (all products) and specify what versions are affected and which versions are remediated.

Our company is also looking for confirmation as well.
For reference, the specific vulnerability it is being reported as Log4j version 2.14.1 CVE-2021-44228.
Thank you.

Log4j vulnerability

Can you please let us know if WinSCP is affected by the recent Log4j vulnerability? If it is, which versions are affected and how to resolve the issue?