The Qt Company Products Are Not Affected by CVE-2021-44228 (Log4j vulnerability)

None of The Qt Company products are affected by the Apache Log4j vulnerability (CVE-2021-44228).

Neither the vulnerable versions nor any other versions of the Apache Log4j library are used in the Qt framework, Qt Creator, Qt Design Studio, Squish, Coco, Test Center, Qt for MCU, or any other product offered by The Qt Company. Therefore, users of Qt or of any other product of The Qt Company do not need to take any action because of the Log4j vulnerability.

As with many others, some of our IT systems were also affected, and we have taken the needed actions to address the vulnerability. No attacks using the vulnerability have been detected in any of our systems or in systems hosted for us by others.

If you have any questions or concerns related to this, please contact our support team(s). 

 



Comments

Christian Wilcox
0 points
40 months ago

log4j is included with a Squish 6.7.2 install on Windows.

Update 2021-12-20

As stated by Andy below, the included file is a binding and not the problematic framework.

Thank you for clarifying, Andy!

Andy Shaw
0 points
40 months ago

There's a Java .jar file deep inside of the Squish IDE installation that has "log4j" in its name. But that one is just a binding for the vulnerable framework. So there is nothing to be concerned about here.

Stuart
0 points
34 months ago

Does this statement also apply to older versions of Qt? (i.e. 5). Thanks

Maurice Kalinowski
0 points
34 months ago

Yes.