Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)


Topic review


Re: Log4j vulnerability WinSCP

WinSCP does not use Log4j. And it never did, in any version.

WinSCP is coded in C++/C/Pascal/C#.
There's not a single line of Java code in WinSCP. So WinSCP cannot even use Log4j.

For a list of libraries actually used by WinSCP, see:

Re: Log4j vulnerability WinSCP

We are in the same situation – We need to know wether yes or no but do not find any information around.
Here are some more informations:
<invalid hyperlink removed by admin>

Log4j vulnerability WinSCP

We use WinSCP at our company (version 5.15).
Due to the current situation, we have the following question, for which we need a quick feedback:
Is the WinSCP we use affected by this vulnerability or does it use this library?