Xibo and log4j vulnerability: CVE-2021-44228

Hi. I wonder based on the recent log4j vulnerably discovery.
Whether there is such module embedded in xibo docker images , and if so what version …



Great question and i am wondering the same myself

1 Like

Same here. Could you please confirm?

AFAIK, not the CMS as it’s not Java but PHP.

I’d love confirmation of this as well.

Hey all,

Good question! Like others I suspect the answer is no, Log4J is not used in Xibo or the docker images but I’d like to hear a formal confirmation too. Security issues require very clear and transparent communication, even if it’s just to say there’s nothing to worry about. That way we can direct our efforts elsewhere,


1 Like

Hello everyone, our apologies for not responding to this sooner.

Xibo CMS does not use Java, and Xibo for Android which is written in Java doesn’t use log4j, so there is no risk from the vulnerability. I hope this helps to reassure you but if you have any further questions, please let me know.

Many Thanks,

Hello DanBW,

Can you confirm this for the players too?


Hi puthplaza,

Regarding the players, Xibo for Android is written in Java but does not use log4j. There should not be any risk from the vulnerability on any of the player platforms.

Many Thanks.


This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.