The Semarchy/Stambia engineering team monitors, as part of the build and quality processes, the Common Vulnerabilities and Exposures (CVEs) that impact libraries or third-party components shipped in the Semarchy products.
A vulnerability has been reported under the reference CVE-2021-44228, affecting the Log4J2 (Log4J version 2) library, commonly used in applications for logging services.
To summarize:
- CVE-2021-44228 impacts Log4J2 (Log4J version 2), which is not used in the Stambia core components (Designer, Runtime and Analytics). The Stambia core components use Log4J1 (Log4J version 1), which is not vulnerable to CVE-2021-44228 attacks as described in the CVE.
- The only component using Log4J2 (Log4J version 2) is the ElasticSearch component, which is not impacted by the CVE.
A more comprehensive note will be published as soon as possible.
In the meantime, do not hesitate to contact our support team if you have additional questions or need further clarification.
NB: this forum topic is locked so that it remains a concise and clear source of information. Please discuss this subject in other topics or contact our support team.