Does FoundationDB have Log4j vulnerability?

The recent Log4j vulnerability is a big concern for us. Like to get a confirmation whether FDB server and Java client have this vulnerability. Thank you.

The server is written in C++ and we have our own logging implementation. Same is true for the C client (which is used by all bindings). The Java bindings don’t do any logging AFAIK and I am not aware of any dependencies to log4j.

But depending on which layers you use you should check them as well. For example I have no idea what the record layer is doing

We use the FDB base layer, and has developed a Graph layer upon it ourselves. I’ll check with our company’s internal team then. Thanks, Markus.