Lightbend | Log4j Vulnerability Impact

Thought Lightbend doesn’t use Log4j, instead it uses SLF4J for logging which is a kind of abstraction over other logging libraries.If you are using Logback in your projects with Lightbend then you are not affected but incase if you have decided to use Log4j then Lightbend Akka, LightBend Akka Serverless, Lagom and Play framework might be affected.

The best way to find whether you are using log4j , is to search for Log4j in your POM and Gradle files, if you find log4j in your POM.xml or Gradle then upgrade to the latest version 2.16.0 which is safe compared to other versions of log4j.


Light BendVersionsStatusUpdate
AkkaAllNot VulnerableMitigation
Akka Serverless AllNot Vulnerable Mitigation
Lagom Framework AllNot Vulnerable Mitigation
Play Framework All Not Vulnerable Mitigation
Source: https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275
Scroll to Top