Many of our users will have seen recent news about ongoing problems with the Zero-Day attack which exploits vulnerabilities in the Apache Log4j library - CVE-2021-44228
The identified vulnerability is with the log4j-core jar file which is not used by either Digital.ai Release or Digital.ai Deploy.
While we do ship log4j-to-slf4j and log4j-api these jar files cannot be exploited. While neither these files nor Digital.ai Release or Deploy is susceptible to attack due to this vulnerability, some threat detection systems may flag these files. In order to avoid false positive threat indications, future versions of Digital.ai Release and Deploy will ship with the lastet Log4J available.
To view Log4J notices for other Digital.ai products, please see Log4J Vulnerability to Zero Day Exploit and Digital.ai.
Thanks for quick updates!!!
Please sign in to leave a comment.