Eclipse and log4j2 vulnerability (CVE-2021-44228)

Project	Version	Status	Comment
Eclipse SDK	..*	Not Vulnerable	Eclipse SDK does not use log4j
JGit	1.0-5.13.0,6.0.0	Not Vulnerable	org.eclipse.jgit.pgm uses log4j 1.2.15
EGit	1.0-5.13.0,6.0.0	Not Vulnerable	EGit does not use log4j
Jetty	..*	Not Vulnerable	Blog: Jetty & Log4j2 exploit CVE-2021-44228
StatET	..*	Not Vulnerable
Web Tools Platform	..*	Not Vulnerable	log4j 1.2.15 is used in an unused dependency in a single test plug-in
Scout Runtime	10.x - 22.x	Not Vulnerable
Eclipse Hawk	..*	Not Vulnerable
Eclipse Theia	..*	Not Vulnerable
Eclipse Dash	..*	Not Vulnerable
Linux Tools	..*	Not Vulnerable
Eclipse JKube	..*	Not Vulnerable	Eclipse JKube does not use log4j
Eclipse Modeling Framework (EMF)	..*	Not Vulnerable	Uses log4j 1.x, but only in Xcore tools bundles, not in any runtime bundles deployed in applications.
XML Schema Definition (XSD)	..*	Not Vulnerable	Does not use log4j.
JustJ	..*	Not Vulnerable	Does not use log4j and log4j is not included in the JRE themselves.
Oomph	..*	Not Vulnerable	Does not use log4j.

Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.