Log4J Information and Update
Posted by Craig Godbold on 16 December 2021 02:01 PM
Dear Excentis Customers,
As many of you are aware, a vulnerability was found in Log4J, an open-source logging library commonly used by apps and services across the internet.
We would like to inform all of our customers that there is only 1 Excentis product that has any use of Log4J and that is the ByteBlower GUI. We would like to reassure you that this vulnerability does not pose a risk for desktop applications because anyone accessing the application already has control over the PC to begin with.
Furthemore, the ByteBlower GUI doesn't make use of log4j directly as it's only included as a dependency to the Jasper plugin.
Despite the low risk, the development team have addressed this issue and it will be released in the next GUI update → 2.14.2
This will be released in the coming week.
If you have any questions or concerns, please contact us at firstname.lastname@example.org