Apache Log4j Vulnerability



Log4j is a widely used open source logging library for Java applications developed by the Apache Foundation. Log4j versions before 2.15.0 have a critical security vulnerability (CVE-2021-44228) allowing remote code execution.

TestArchitect Product

TestArchitect software does not use Log4j, so is not affected by CVE-2021-44228.

This includes: TestArchitect Client, TestArchitect Agent, Repository Server, and License Server

Recommended Actions: no action required if you’re not using any Java-based extensions (see more details below).

Third-Party TestArchitect Extensions, Tools & Utilities

As TestArchitect provides extensibility architecture, APIs and command line interface which allow the user to extend its usage, it might be possible that Log4J has been chosen to use by the developers when they create their own TestArchitect extensions, tools and utilities.

Recommended Actions: contact the extension, tool or utility developer to determine if Log4j is used and plan to upgrade it accordingly. For those that were developed by LogiGear’s Service Delivery team, you’ll be notified by the team with a patch remediation plan.

In case we identify any impact to our products and services or action required by customers, we will provide additional communications.

Comments to this discussion are now closed!