Is log4j used under the hood?

Hi,

does the software use log4j under the hood?

2 Likes

I have also customers, that got nervous.
Is the connect server vulnerable to Log4Shell?
If yes, what is the recommended way to close the vulnerability?

Best regards
Ivan

2 Likes

I suppose it is used under the appache commons logging, so I would like an official update from OL.

2 Likes

I would also like to know this, as our customer could be at risk. Please provide an urgent update.

In the past, Connect was using log4j but we took it out with the Connect 2018.1 release.
So as long as your version is 2018.1 or later, there is no issue.

1 Like

Thanks Phil for your reply. It would be great if OL could post an official information anywhere because many customers are afraid about it.

@Phil, is it possible to share an official statement of OL regarding this issue? We will share this with our customers. Thanks in advance.

We are currently working on posting a official message on the OL web site’s home page.

Stay tuned!

1 Like

The official statement was posted in a blog article: Statement on Log4J vulnerability (CVE-2021-4428) - OL® Learn (objectiflune.com).

The link to that blog article will also be posted on our LinkedIn page Objectif Lune: Overview | LinkedIn

4 Likes