Log4js vulnerability Radzen (Node package)

Radzen Studio Angular
1

Hi Team Radzen,

In the included /referenced Node packages with angular there is also a "Log4j" package .

Does Radzen uses this library internally or in the generated templates / screens .
location "..\client\node_modules\log4js"

/kr
Mehmet

2

Radzen does not log4j. It uses log4js for Angular applications (which is a different library). It is a dependency of ts-loader which is used by webpack to build TypeScript files. It is not bundled in production applications.

3

image
image1920×1080 195 KB

4

Thank you, @enchev and @korchev ,
It is better to ask than to assume in these cases .

I can now safely communicate to my customers that none of our apps uses this Java module.