What is Log4j?
Log4j vulnerability CVE-2021-44228 (also known as Log4Shell) is a vulnerability that permits remote code execution.
Is HTML2PDF Rocket vulnerable? Answer: No
In short, no, HTML2PDF Rocket (including its entire software dependency chain) does not directly or indirectly use Log4j anywhere.
How does HTML2PDF Rocket manage to keep its software up to date?
The HTML2PDF Rocket API has frequent software updates to Node JS and .NET to maintain the latest and most secure version of server-side binaries and libraries. We use a container-based approach and automated continuous testing, integration, and deployment of code, which allows us to frequently update software (and dependency versions) without any downtime. This information applies to both the API and the Batch API.
The HTML2PDF Rocket Legacy API (legacy.html2pdfrocket.com) is also not vulnerable to Log4Shell. However, it is not being kept up to date and will soon be removed from service. Customers are advised to move to api.html2pdfrocket.com.