I don’t know if this is the right forum for this topic, but seemd to fit the most.
My question is in the title, does the vulnerabilty due to the Apache Log4j library affect Logitech Media Server (LMS) or Max2Play?
The Raspberry Pis I use aren’t accessible from the internet, but as I understood that doesn’t matter. I’m not an expert though and just want to bring this to awareness to the people that might have an educated opinion on that.
The basic installation of Max2Play is not affected by Log4j. However, if packages are subsequently installed that run using Java (and thus usually also use Log4j), then it would theoretically be possible that there is a security risk, provided that the device and the service can be accessed via the Internet.
However, this is very unlikely – the most common targets will be popular programs among end users.