Critical vulnerability in Apache Log4j - all clear for our customers

The Bundesamt für Sicherheit in der Informationstechnik (BSI) has upgraded the threat level of the Log4j (CVE-2021-44228) vulnerability that became known last week to red. The impact of this vulnerability is cited by industry experts as the largest and most critical IT vulnerability in the last decade.

This critical vulnerability may affect all Java applications accessible from the Internet that log parts of user requests with the help of Log4j. Countless software solutions appear to be affected by this security flaw. The exact extent is not yet known.

Good news for our customers

Our application itself is not programmed in Java and does not use the Log4j logging library. The log4net module is used for all migRaven products. This is not affected by the security vulnerability.

If you still have any questions about this message, please do not hesitate to contact us at: