Dear Valued Customer,
In light of recent events regarding the discovered Log4j vulnerabilities, we have analyzed our systems and would also like to thank you all for the feedback that we received.
Our analysis confirmed that the vulnerability identified in Log4j 1.2.16 ( CVE-2019-17571) is not affecting our product, due to it not using the SocketServer that enables this exploit.
We have, however, made a decision to change our OpenLM Broker component to move away from using the outdated Log4j version 1.2.16 to use Logback.
We will further change our OpenLM Reports Scheduler and OpenLM Applications Manager to move away from using the outdated Log4j version 1.2.16 to use Logback.
This will resolve any pending concerns regarding the discovered vulnerabilities.
You can expect a fixed version of the OpenLM Broker to be released before end of year 2021.
You can expect a fixed version of the Applications Manager and Reports Scheduler to be released before the end of January 2022.
If you have further questions, please kindly contact us at firstname.lastname@example.org
VP Support & Services
Title image: Pixabay