Log4j / Log4Shell CVE -> is bitwarden affected due to Docker Image?!?

Hello community, the media seems to freak out due to the latest CVE "log4shell" or log4j java-log-tool; Just a stupid question: Is bitwarden (Cloud or Self-hosted) anyhow affected? As far as I understand your architecture, you guys are using Nginx Docker (no Apache) ā†’ thus, users should not! be affected, right?

thanks for any replies!

Hi @horschd,

Welcome to the community and thank you for your question.

Regarding the recent Log4Shell exploit, Bitwarden will be uninhibited by this. It appears to pertain to java or apache dependent applications. Bitwarden does not leverage either of these solutions, nor have any dependences on the culprit of this exploit in log4j.

Kind Regards,


Thanks djsmith85 for the info!
Iā€™d highly suggest to put this info on the front page for a certain amount of time.