On 11/26/2021 a critical vulnerability in Apache Log4J2

Q: On 11/26/2021 a critical vulnerability in Apache Log4J2 <= 2.14.1 has been found and published. Is your application affected by this vulnerability and needs to be patched?

All of our products are being developed in Delphi or C#. Although we use Log4Net with some of the components, they are safe to use, because the reported vulnerability applies to Log4J only. None of our applications depend on Log4J or any other Java library and are thus not affected by this vulnerability. This applies to all versions and editions of our applications (TreeSize, SpaceObServer, SpaceObServer WebAccess, HeavyLoad, SmartPOP2Exchange, Exchange Server Toolbox, SpamAssassin in a Box, SpamAssassin for Windows, SmartCallMonitor, SEPA-Transfer, ServerSentinel, and ShellBrowser). It is recommended to always use the latest available versions though to benefit from the latest patches, improvements, and features.

Question

On 11/26/2021 a critical vulnerability in Apache Log4J2 <= 2.14.1 has been found and published. Is your application affected by this vulnerability and needs to be patched?

Accepted Answer

All of our products are being developed in Delphi or C#. Although we use Log4Net with some of the components, they are safe to use, because the reported vulnerability applies to Log4J only.

None of our applications depend on Log4J or any other Java library and are thus not affected by this vulnerability.

This applies to all versions and editions of our applications (TreeSize, SpaceObServer, SpaceObServer WebAccess, HeavyLoad, SmartPOP2Exchange, Exchange Server Toolbox, SpamAssassin in a Box, SpamAssassin for Windows, SmartCallMonitor, SEPA-Transfer, ServerSentinel, and ShellBrowser). It is recommended to always use the latest available versions though to benefit from the latest patches, improvements, and features.

FAQ & Knowledge Base

Is your software affected by the Log4J vulnerability?

Question / Problem

Answer / Solution