[coalado]

CVE-2021-44228, log4j, JDownloader is NOT affected

We just want to let you know that neither JDownloader nor any other of our projects make use of log4j and thus are not affected by this security vulnerability.

Edit: 15.12.2021
Due to a question on Reddit, we would like to get a bit more into detail:

Neither JDownloader itself nor its libraries/dependencies use or contain log4j. This includes all executable code in
- JDownloader.jar
- Core.jar
- All dependencies in the /libs/ folder
- All extensions in the /extensions/ folder
- All plugins in jd/plugins/ folders

If you want to get sure:
Executable code is stored in *.jar files ( And the plugin folders)
You can open these jar files with any ZIP extractor. As long as you don't find any strings or files that start with/contain org.apache.log4j or org.apache.logging.log4j we are fine.