ownCloud not directly affected by log4j vulnerability

ownCloud 10 and ownCloud Infinite Scale are not affected by the important security issue in log4j.

Dear ownCloud user or customer,
This simple - we’re not affected - applies for all ownCloud standard installations, including our docker containers and our SaaS Service at owncloud.online.
If you have Java services connected to ownCloud like Elasticsearch - those need to be checked and updated or mitigated now.
Here are 2 links which should help you to see if you’re generally affected and how to solve the issue:

Thanks you for your attention - as we are getting customer and user enquiries we wanted to proactively communicate with you.

As this issue mostly affects Java applications owncloud 10 (written in PHP and JavaScript) and ownCloud Infinite Scale (written in golang), as well as our desktop and mobile clients don’t need a special upgrade at this time, however we do recommend that you keep your complete environment current and follow security recommendations in a timely manner. For ownCloud 10 this would be the 10.8 server version. Staying on the latest versions assures that your systems stay safe and secure!
ownCloud 10 applications use a Javascript library called log4js. This is a different software which is verified to not have this problem.

All our internal as well as customer and user facing systems are already updated.
Please don’t hesitate to contact our support if you have any additional questions.

Best Regards,

Your ownCloud Team!

PS: This issue is widely spread, therefor we are making a proactive statement …

3 Likes