Forum » Support and Bug Reports »

Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Username

Subject

Message body

Font colour:

Font size:

Options

Disable BBCode in this post

Notify me when a reply is posted (registered users only)

Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

Filename

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

File Comment

Options

Private file (available to author and site moderators only)

Topic review

martin

Re: Log4j vulnerability WinSCP

2021-12-15

WinSCP does not use Log4j. And it never did, in any version.

WinSCP is coded in C++/C/Pascal/C#.
There's not a single line of Java code in WinSCP. So WinSCP cannot even use Log4j.

For a list of libraries actually used by WinSCP, see:
https://winscp.net/eng/docs/contributions

rma

Re: Log4j vulnerability WinSCP

2021-12-15 11:06

We are in the same situation – We need to know wether yes or no but do not find any information around.
Here are some more informations:
<invalid hyperlink removed by admin>
https://github.com/NCSC-NL/log4shell/tree/main/software
Yours
Roland

joergseeg

Log4j vulnerability WinSCP

2021-12-14 12:33

We use WinSCP at our company (version 5.15).
Due to the current situation, we have the following question, for which we need a quick feedback:
Is the WinSCP we use affected by this vulnerability or does it use this library?

Post a reply

Topic review

Re: Log4j vulnerability WinSCP

Re: Log4j vulnerability WinSCP

Log4j vulnerability WinSCP

Documentation

Support

Associations

Follow Us