Apache Log4j critical vulnerability (CVE-2021-44228) was brought to our attention on Fri, Dec 10th. The Apache Log4j 2 is an open-source Java package that allows developers to log activity within applications. The vulnerability was exploited by attackers worldwide, allowing malicious strings to be logged.
Were XPLG products affected by the vulnerability?
- XPLG was not affected by the Log4J 2 vulnerability.
After an extensive security audit of the entire XPLG environment, we have found that none of the XPLG product suite systems contain the software identified in the vulnerability disclosure.
- What security actions XPLG’s has taken?
XPLG users do not need to take any immediate actions.
We have been working to assure the security of our environment since this vulnerability was made public.
- XPLG Next Security Patch *Announced soon
Although this vulnerability does not compromise XPLG users, we are always committed to keeping our products' security up to date. The next security patch will contain the latest secured Log4j version and will be released within a few days.
We strongly encourage you to review other applications in your IT environment and, if necessary, take immediate action. We gathered some helpful resources here
Please reach out to our team if you have any questions.