Vladimir Dyuzhev
MockMotor Creator
MockMotor is Not Using Log4J
MockMotor is not impacted by Log4J Security Issues
MockMotor is not using Log4J.
Because of that, MockMotor is not impacted by the Log4J remote security hole (fixed in Log4J 2.16) and subsequent remote DoS attack (fixed in Log4J 2.17). Or any future Log4J vulnerabilities.
MockMotor keeps its dependencies minimal. Using a third-party logging library when a perfectly good API exists
in java.util
core package seemed like overkill. And an increase of vulnerability surface, as it turned out.
The Bottom Line
You don’t need to upgrade MockMotor because of the Log4J debacle.