I replied to a user- post about this, but thought it was worth repeating it here.
In https://issues.apache.org/jira/browse/CASSANDRA-5883 you can see where Apache Cassandra never chose to use log4j2 (preferring logback instead), and thus is not, and has never been, vulnerable to this RCE. Kind Regards, Brandon --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@cassandra.apache.org For additional commands, e-mail: dev-h...@cassandra.apache.org
