If you have opened Twitter, LinkedIn or basically anything with Internet access since last Thursday, you will have heard of “log4j” or “Log4Shell”. There are already heaps of very good sources on the details of this security issue. Please refer to those if you wish to get more insight:
- CVE: CVE-2021-44228 (mitre.org)
- Log4j: Apache Log4j Security Vulnerabilities
- Zero-Day Exploit Targeting Popular Java Library Log4j (admin.ch)
- Ars Technica: Zero-day in ubiquitous Log4j tool poses a grave threat to the Internet
You may also want to look at the list of affected software to make sure you can take the right measures: authomize/log4j-log4shell-affected (github.com).
That being said: deviceTRUST does not use any Apache Java components at all. Though we use a client-server concept in some situations, none of our components include Java code in general or the affected libraries in particular. deviceTRUST is, thus, not affected by CVE-2021-44228.
We wish everyone a stress-free patching process and hope you are not affected!