Berlin, Dec 13, 2021
We have extensively analyzed this issue and have concluded that no i-net software product is affected by the log4j vulnerability CVE-2021-44228. We have released a statement about the disclosed vulnerability on our FAQ website
The vulnerability only affects Log4j versions 2.0 until 2.14.1 (see https://www.lunasec.io/docs/blog/log4j-zero-day/) - none of which were ever used by i-net software products in the first place. We did use version 1.2.17 starting 10/2015 until 05/2020 for minor functions without direct web parameter input.
Additionally, only Java versions earlier than (including)
11.0.1 are affected as per description. i-net software had to publish a security release in April 2020 which included the then current Java version 11.0.7 for all products that are shipped with a Java 11 VM - specifically: i-net HelpDesk 8.2.374 and newer, i-net PDFC 5.1 and newer, i-net Clear Reports 17.1 and newer. Earlier product versions from the April 2020 security release that include the Java 8 VM did ship 1.8.0_211 for Windows installers and 188.8.131.52 for macOS installers.
That means, that product releases newer than and including version 20.10 have no reference to log4j whatsoever. Versions prior to 20.10 are not affected due to a previous version of log4j being used - even though an affected Java VM may be used.
Even though no products released by i-net software are directly affected by the disclosed critical RCE CVE-2021-44228 of Log4j it is advised to update to the latest released minor versions. Keeping your installations up-to-date with our latest supported major versions ensures that you benefit from our latest security patches.
For updated information about the on-going issue, please check out our FAQ website.
|i-net PDFC - New Release 22.4||Apr 28, 2022|
|i-net HelpDesk - Neue Version 22.4||Apr 28, 2022|
|i-net CoWork - New Release 22.4||Apr 28, 2022|
|i-net Clear Reports - New Release 22.4||Apr 28, 2022|
|Stellungnahme zur Sicherheitslücke in Log4j||Dec 13, 2021|
|Statement regarding security vulnerability in log4j||Dec 13, 2021|
|i-net HelpDesk - Neue Version 21.10||Nov 17, 2021|
|i-net PDFC - New Release 21.10||Nov 17, 2021|
|i-net Clear Reports - New Release 21.10||Nov 17, 2021|
|i-net HelpDesk - Neue Version 21.4||May 17, 2021|