Does WordPress use log4j?

Does WordPress use log4j? we received this question from many of our customers.
Additionally, a recent attack in log4j, a well-known java logging package, that has been making news recently, was difficult to miss. The exploit received a severity rating of 10/10 from CVSS, highlighting how serious the problem is and helping to explain why it is receiving so much attention.

Log4j

One of the most widely used open-source software applications that provide logging features for Java applications is the Apache Log4j Project.

The Apache Logging Services Project includes Log4j. For various coding deployments and use cases, the Apache Logging Services Project offers numerous iterations of the Log4j logging framework. Typically, Log4j is introduced as a software library within a Java service or application. The use of Log4j as an application may not be known by every user or organization as a result.

The first version of Log4j was released in October 1999, and the 1.0 release was made widely accessible in January 2001. The Log4j 2 branch, which was generally published in July 2014, is the most recent version of Log4j. Since then, it has undergone a consistent succession of modifications.

No, is the simple answer. Due to the fact that WordPress is a PHP application and log4j is a Java logging library, it is not used.

However, it might be utilizing log4j if you’re running a Java application somewhere in the hosting stack or a custom application that integrates with WordPress.