13. December 2021

deviceTRUST + CVE-2021-44228 – Rest assured, no JAVA involved here!

If you have opened Twitter, LinkedIn or basically anything with Internet access since last Thursday, you will have heard of “log4j” or “Log4Shell”. There are already heaps of very good sources on the details of this security issue. Please refer to those if you wish to get more insight:

You might be wanting to take a look at the list of affected software to make sure you can take the right measures authomize/log4j-log4shell-affected (github.com)

That being said: deviceTRUST does not use any Apache JAVA components at all. Though we use a server-client-concept in some situations, none of our components include JAVA code in general or the affected libraries in special. deviceTRUST is, thus, not affected by CVE-2021-44228.

We wish everyone a stress-less patching proves and to be not affected!