Many of our users will have seen the recent news about the ongoing zero-day attacks that exploit vulnerabilities in the Apache Log4j library (CVE-2021-44228).
No Digital.ai Application Protection software uses affected versions of the Log4j library. The Application Protection tool for Android uses a separate logging library, SLF4J, which is unrelated to Log4j.
Desktop Application Protection includes a copy of Eclipse, which in turn does use Log4j. However, the version included pre-dates the introduction of the vulnerability and hence isn't affected.
An internal component of the Digital.ai App Aware platform was vulnerable to the Log4j exploit and has since been fixed using vendor-supplied updates. We are continuing to monitor the situation and will update this note when required.
No customer changes are required to fix or mitigate CVE-2021-44228.
To view Log4J notices for other Digital.ai products, please see Log4J Vulnerability to Zero Day Exploit and Digital.ai.
This article was updated on December 22nd to reflect the use of a non-affected version of Log4j in the copy of Eclipse bundled with Desktop Application Protection.