Following the news of the 0-day exploit on the log4j2 Java logging library, our team investigated if Liquibase includes this library in any code. We can confirm that no Liquibase editions or versions are affected by the log4j2 vulnerability. Read more about our investigation on our blog: Log4J2 Vulnerability Does Not Affect Liquibase