Hello all, Except the SQL injection vulnerabilities in JDBCAppender (see , all known CVEs against log4j 1.x, including the recent ones, have been fixed in git. As I write this, Vladimir is working to fix JDBCAppender. -- Ceki Gülcü Sponsoring SLF4J/logback/reload4j at https://github.com/sponsors/qos-ch