yWorks software and services are NOT affected by Log4j vulnerability


In a nutshell, what we can assure you is plain and simple:
No yWorks product or service uses the Java-based Log4j logging utility and thus none of our products or services is affected by the critical vulnerability known as CVE-2021-44228.

So, no matter if you are a user of our free graph editor applications like yEd or yEd Live OR a user of our Graphity for Confluence diagram editor OR are a licensee of one of our commercial yFiles diagramming SDKs that's used integrated in your own software application: none of them will expose you or the users of your own software to this critical vulnerability.

On a general note, all versions of yFiles follow a strict zero external dependencies policy. But your application might still depend on log4j, so be sure to check it!

Getting started with yFiles

Learn more about yFiles, the diagramming SDK, and it's powerful and flexible features for HTML, Java, .NET, and WPF here!

Test and experience yFiles free of charge!

  • Free support
  • Fully functional
  • 100+ source-code examples
Try now