Security issue Apache Log4j2 (CVE-2021-44228) - 2c8

Hi! Want to book a meeting, get an offer or ask a question?

2c8 Modeling Tool, 2c8 Lite, and 2c8 Server are not affected by this issue.

The Java library Log4j2 has a security issue where an attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

This affects Log4j versions from 2.0-beta9 to 2.14.1. 2c8 Modeling Tool includes Log4j 1.2.13 but this version is not affected by this security issue. It does not include the affected JndiLookup class, since message lookup functionality was added in Log4j version 2.0.

CVE-2021-4104

2c8 Modeling Tool, 2c8 Lite, and 2c8 Server are not affected by this issue. 2c8 Modeling Tool does use a vulnerable version of Log4j but the exploit requires that JMSAppender is configured which is not the case.

Future versions of 2c8 Modeling Tool will not include any version of Log4j.

2c8