Security Notice: Apache log4j Vulnerability CVE-2021-44228
Info
In December 2021, CVE-2021-44228 was disclosed for Apache Log4j2, the Java logging library. The vulnerability is commonly known as Log4Shell and affected vulnerable Log4j2 versions where attacker-controlled JNDI lookups could lead to remote code execution.
Question
Are FileWave systems impacted by CVE-2021-44228?
Answer
No. FileWave Server, Boosters, IVS, and Clients are not impacted by CVE-2021-44228 based on FileWave's product assessment.
- FileWave did not use the Java Apache Log4j library.
- Older FileWave releases used log4qt, a C++ logging implementation, but that use was discontinued after FileWave 12.4.
This page is retained as a historical security notice. If you are validating an older or unsupported environment, compare the installed FileWave version with current FileWave support guidance and any newer FileWave security notices.