Log4j is a Java library by Apache used to log debug messages within applications. It’s recently been featured in news outlets around the world due to a vulnerability (known as Log4Shell) that was discovered allowing remote code execution using a specific string.

### Laravel Forge

[Laravel Forge](https://forge.laravel.com) does not install Log4j by default. Furthermore, Forge does not install any applications known to use Log4j.

The vast majority of servers provisioned by Forge will not be vulnerable; however, if you have manually installed applications such as ElasticSearch your server may be affected.

To check if your server is affected, you can use a script such as [`log4j_checker_beta`](https://github.com/rubo77/log4j_checker_beta).

### Laravel Vapor

[Laravel Vapor](https://vapor.laravel.com) does not install or use Log4j in both the native or Docker runtimes. However, if you have manually installed libraries, use custom layers, or customize your `Dockerfile`, it is possible that Log4j has been installed due to those modifications.

You should check your environment for vulnerability and take action if necessary.

You May Also Like