In the aftermath of the Log4J security breach, we need to be sure that all vulnerable components are patched.
I guess there are no Java components and hence not Log4J involved in any of Telerik's components, but can this please be confirmed?
I noticed that the same topic was discussed in a support thread. I will repost the response here as well, so other customers can benefit from it:
The problematic package is not used in any product across the Telerik DevTools portfolio. This includes Telerik Reporting and Kendo UI components for all supported frameworks. Also, no such dependencies are integrated on a product level.
Please, check also our Security page that is constantly updated.