Log4J Spark 3.0.2

Hello everyone. I have a quick question. We are running a server running OpenFire and are using Spark internally for IM. Our vulnerability scans are popping up showing vulnerable Log4j versions. Is there a way to modify Spark’s files or folders to remediate the issue so they don’t pop up on the scans? I tried searching first but didn’t see anything concrete.

Spark does not use the log4j library. In the latest versions of Openfire log4j has been updated.

What version Openfire are you using?

Openfire version is 4.7.5

Update your Openfire to 4.8.3 and you’ll be fine.