Vulnerability - Apache - Java log4j

Our IT company sent an email today with a notice for a vulnerability that affects a "significant amount of software". Apache has released a patch for it. Is this something used in Arena? If yes, how do we make sure it gets patched?

The email we got states:

Apache announced vulnerabilities related to a Java logging package log4j, which is used in a significant amount of software. The severity of this issue has been given a CRITICAL severity range with base score of 10. The details of the vulnerabilities can be found here: CVE-2021-44228. These vulnerabilities can be exploited by malicious actors.

Apache has released a patch and it should be updated immediately, however most of the impacted software will need to incorporate the fix into their patching process in order to address the vulnerability. If you are using Apache log4j locally, patch immediately.

  • I was waiting on verification from our developers about this. According to them, we have no exposure to the log4j zero-day vulnerability. It is not utilized in our software.
    This applies to Arena and ShelbyNext Financials.
