Any impact on VASSAL from the log4j vuln?

I don’t think there is, but just wanted to confirm that VASSAL 3.6.2 is not running log4j2 from the recent CVE 2021-44228.

(Sorry…cyber guy here, not dev…and just spent the whole weekend dealing with this).

Thanks Joel!

We don’t have log4j in our dependency tree, and have not ever, so far as I can recall.