A security vulnerability has been discovered in Apache Log4j.2, a popular Java logging library (https://www.tenable.com/cve/CVE-2021-44228).
After a thorough investigation of all OpenLM components, we can confirm that our current products and components are not affected by this vulnerability.
Our products and components use the following versions of the Log4j: Log4net, Log4j 1.2.14, Log4j 1.2.16, Log4j 1.2.16 + Slf4j. These versions of Log4j are not affected by the discovered vulnerability.
Furthermore we have also scanned our services/online components such as the OpenLM Cloud and OpenLM Online Parser and can confirm that neither of these services are affected by the discovered vulnerability.
As part of OpenLM’s commitment to security, we will disclose any security issues we find in our products and services.
If you have further questions, please kindly contact us at support@openlm.com
Thank you.
Sincerely,
Branislav Potoček
VP SUPPORT & SERVICES
Image credit: Pixabay
