Description
Describe the bug
This is not a bug in NTify itself, but a general security concern for users running NTify on Windows XP. Many users (especially on old systems like XP) are still using potentially vulnerable or outdated Java 8 installations. The famous Log4Shell vulnerability (CVE-2021-44228) in Apache Log4j 2.x (versions ≤2.14.1) affected a huge number of Java applications in 2021–2022. Even though NTify might not directly bundle a vulnerable Log4j (I couldn't find any log4j-core.jar in the JAR via 7-Zip check), users could still be at risk if their Java runtime or other dependencies introduce it indirectly, or if future updates add logging that uses vulnerable libs. Adding a clear recommendation in the README would help protect XP users from running unsafe Java versions.
Security note for Windows XP users:
Use a recent and XP-compatible Java 8 build to avoid known vulnerabilities like Log4Shell (CVE-2021-44228 – details: https://nvd.nist.gov/vuln/detail/CVE-2021-44228).
The currently best option I know is ojdkbuild OpenJDK 8 (e.g. 1.8.0.332 or newer XP-patched builds): https://github.com/ojdkbuild/ojdkbuild
Even these builds do not include Log4j themselves (it's an app-level dep), but a safe base JDK reduces overall risk. Match architecture (x86) with your VLC install.
This would guide users away from downloading random/old/vulnerable Java installers from shady sites. Many XP users aren't aware of the risks anymore.
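Added example, not part of the original issue and not NTify's code: a scripted form of the 7-Zip check mentioned above. It goes further than a filename search by looking inside nested archives for the `JndiLookup` class and the Maven `pom.properties` of log4j-core, so a shaded or repackaged copy is also found. The helper names and the sample archive are constructed for illustration, and the suffix match on the class path is a heuristic.

```python
import io
import sys
import zipfile

# Markers of a bundled log4j-core; the suffix match also catches relocated (shaded) packages.
JNDI_SUFFIX = "core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
NESTED_EXT = (".jar", ".war", ".ear", ".zip")

def _version(pom: bytes) -> str:
    for line in pom.decode("utf-8", "replace").splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return "unknown"

def scan_archive(data: bytes, label: str = "<root>", depth: int = 0, max_depth: int = 5):
    """Return one finding per (nested) archive that carries log4j-core markers."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not an archive, nothing to report
    with zf:
        names = zf.namelist()
        has_jndi = any(n.endswith(JNDI_SUFFIX) for n in names)
        has_pom = POM_PROPS in names
        if has_jndi or has_pom:
            ver = _version(zf.read(POM_PROPS)) if has_pom else "unknown"
            findings.append({"archive": label, "jndi_lookup": has_jndi, "version": ver})
        if depth < max_depth:  # bound recursion into nested archives
            for n in names:
                if n.lower().endswith(NESTED_EXT):
                    findings += scan_archive(zf.read(n), f"{label}!/{n}", depth + 1, max_depth)
    return findings

def make_zip(entries: dict) -> bytes:
    """Build an in-memory archive from {name: bytes}; used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. python scan.py <path-to-app.jar>
        with open(path, "rb") as fh:
            for finding in scan_archive(fh.read(), path):
                print(finding)
```

A reported version at or below 2.14.1 falls in the range the issue names for CVE-2021-44228; an empty result means none of these markers were found in the archive or its nested archives.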