Společnost AVUESY vydala oficiální vyjádření ke zranitelnosti Log4shell.
Rádi bychom vás ujistili, že bez ohledu na tuto kritickou zranitelnost se v současné době neočekávají žádné důsledky pro provoz softwarového řešení versiondog od společnosti AUVESY.
Produkt versiondog NENÍ založen na knihovně Java Log4j a nepoužívá žádný jiný software, který by byl přímo závislý na Log4j.
On 12/13/2021, BSI announced that a critical vulnerability in the widely used Java library Log4j had been detected and gave it its highest severity level rating. Log4j is an open-source Java logging library that is widely used in a number of software applications around the world.
We would like to reassure you that, regardless of this critical vulnerability, no consequences are currently expected with regard to the operation of our software solutions.
With regard to the use of Log4j and our products, we wish to make the following statement:
- versiondog - not affected
versiondog’s code is NOT based on the Java library Log4j and does not use any other software that has a direct dependency to Log4j.
- automation solution center - not affected
The automation solution center code is NOT based on the Java library Log4j and does not use any other software that has a direct dependency to Log4j.
- Asset Inventory Service – not affected
The Asset Inventory Service’s code is NOT based on the Log4j Java library, nor does it use any other software that is directly linked to Log4j.
We would like to once again reassure you that all our products, applications, and servers used with regard to the operation and development of our software, are permanently maintained and updated by our IT & Security team. Both regular and security-related updates are always installed on all our systems as soon as possible after they appear.
You can always be sure that potential vulnerabilities (once detected) are analyzed within the shortest amount of time and will be counteracted using the appropriate measures.