A vulnerability has been reported under the CVE-2021-44228 reference, affecting the Log4J2 (Log4J version 2) library, commonly used in applications for logging services.
- CVE-2021-44228 impacts Log4J2 (Log4J version 2), which is not used in Semarchy xDM. xDM instances use Log4J1 (Log4J version 1), which is not vulnerable to CVE-2021-44228 attacks as described in the CVE.
- Log4J1 (Log4J version 1) has other reported vulnerabilities which can be easily identified and mitigated.
- Upgrading the Log4J1 library used in xDM is a "technical debt" tracked as MDM-10824. We have in our plans to perform that upgrade as part of our next minor release...