PostgreSQL JDBC and the log4j CVE

Posted on 2021-12-13 by JDBC Project
Related Open Source Security

A CVE has been reported on the popular logging implementation log4j.

As the PostgreSQL JDBC driver does not include this as a dependency we have determined that there is no need for concern. The driver is not vulnerable to this CVE.


Dave Cramer

pgjdbc team