Apache Camel and CVE-2021-44228 (log4j)
, by Claus IbsenApache Camel is NOT using log4j for production Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228. If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade. Apache Camel is using log4j for testing itself Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.