here. A few additional notes:
- Our previous versions, namely 7.1, 7.2, and 7.3 Enterprise Edition, contained the log4j library as an optional external dependency.
- Versions from 7.3 to 21.2 used a version of AWS Redshift driver, which came with log4j as a dependency. Since it’s a JDBC driver, it cannot be used for external attacks.
- Also, there is an ant-apache-log4j.jar library in commercial versions of DBeaver. This jar file does not contain log4j. It’s an adapter from the Ant tool.