That was my impression too Steve. Just after a statement from the developers.
htcondor is not written in Java, why would there be any log4j dependencies? Checked all my condor installations and don't see log4j as part of it. Of course there should be an official note from the developers.
From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of Hitchen, Greg (IM&T, Kensington WA) <Greg.Hitchen@xxxxxxxx>
Just wondering if or when the HTCondor Team might be able to release information about HTCondor and the
CVE-2021-44228 log4j vulnerability.
e.g. not used so no problem, or used but old version not impacted, or used and this is the mitigation/upgrade.
We, and I assume every other IT dept. are being pushed hard for info from vendors about this.