Security Notice: Apache log4j Vulnerability CVE-2021-44228
What
CVE-2021-44228 is the Apache Log4j2 vulnerability commonly known as Log4Shell. It was disclosed in December 2021 and affected vulnerable Log4j2 versions where attacker-controlled JNDI lookups could lead to remote code execution.
FileWave's product assessment found that FileWave Server, Boosters, IVS, and Clients were not impacted by CVE-2021-44228.
Why
This page is retained as a historical security notice for customers who need to answer security questionnaires, audit older records, or confirm FileWave's Log4j assessment.
- FileWave did not use the Java Apache Log4j library.
- Older FileWave releases used log4qt, a C++ logging implementation, not Log4j. That use was discontinued after FileWave 12.4.
How
No FileWave-side patch or configuration change is required specifically for CVE-2021-44228 for the FileWave components covered by this notice.
If you are validating an environment:
- Confirm that the system being reviewed is a FileWave Server, Booster, IVS, or Client component.
- Review any non-FileWave Java applications or services on the same hosts separately, since this notice only covers FileWave products.
- If the environment is old or unsupported, compare the installed FileWave version with current FileWave support guidance and any newer FileWave security notices.