Thought Lightbend doesn’t use Log4j, instead it uses SLF4J for logging which is a kind of abstraction over other logging libraries.If you are using Logback in your projects with Lightbend then you are not affected but incase if you have decided to use Log4j then Lightbend Akka, LightBend Akka Serverless, Lagom and Play framework might be affected.
The best way to find whether you are using log4j , is to search for Log4j in your POM and Gradle files, if you find log4j in your POM.xml or Gradle then upgrade to the latest version 2.16.0 which is safe compared to other versions of log4j.
| Light Bend | Versions | Status | Update |
|---|---|---|---|
| Akka | All | Not Vulnerable | Mitigation |
| Akka Serverless | All | Not Vulnerable | Mitigation |
| Lagom Framework | All | Not Vulnerable | Mitigation |
| Play Framework | All | Not Vulnerable | Mitigation |
