TL:DR; Passenger is not affected.
Passenger has no components written in Java and thus does not use log4j. As such, it is not affected by the log4j vulnerabilities (CVE-2021-45046 & CVE-2021-44228, or any subsequently discovered issues with log4j).
Log4J Bulletin: Passenger not affected
Camden Narzt
Software Developer
Supercharge your Ruby, Node.js and Python apps
Over 650,000+ sites use Passenger as their app server to ensure that their web apps, microservices and APIs are served with outstanding reliability, performance and control.
learn more
Follow on GithubPassenger 6
Now supporting all languages
Discuss on HackerNews
Let us know your thoughts!
Discuss on Twitter
And follow us on @phusion_nl
Stay in the event loop
Get news and tips on our products and/or programming in general.
No more than 1 email per week. Pinky swear.