Log4j is a Java-based project of the Apache Software Foundation that provides logging services. None of the ComponentSpace SAML products use Apache Log4j and therefore they are not impacted by the CVE-2021-44228 vulnerability. https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rcehttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228https://logging.apache.org/log4j/2.x/security.html
Regards ComponentSpace Development
|