Frequently Asked Questions

Regarding log4j [Log4Shell Vulnerability report]

Regarding the recent security alerts about log4j: Red5 does not use log4j, and hasn’t since sometime around 2006-7. The log4j-over-slf4j jar is an adapter to support code which was linked with log4j when built, outside of our control; i.e. a dependency library or custom app. Again, our server doesn’t include log4j and does not use it.