• News

Security gap in log4j: windream not affected

With this message, we would like to inform you that with the current state of knowledge, windream products are basically not affected by the critical vulnerability in log4j, as versions 2.0 to 2.14.1 are not used in windream.

Security gap in log4j: windream not affected

Important note: log4j

The reason for this positive notification is that we use version 1.2.17 of log4j in the product windream ArcLink for SAP and in the windream CMIS interface. According to information from the BSI, log4j versions 1.x are not affected by this vulnerability. Further information can be found on the BSI (Federal Office for Information Security) homepage under the following link (page 3, update 2):

About the BSI security alert

On page 4, Update 4, reference is made to tools which can be used to determine whether the affected versions of log4j are used on a system.

windream ArcLink also requires the use of a suitable version of Apache Tomcat. According to Apache, Tomcat does not use log4j in its default configuration. The default configuration is not changed by windream ArcLink.

https://tomcat.apache.org/tomcat-8.0-doc/logging.html
https://tomcat.apache.org/tomcat-9.0-doc/logging.html

After extensive tests in our company and in order to exclude all risks, we have decided to migrate windream ArcLink to the latest version of log4j. However, the migration will take some time. We will inform you as soon as a new version is available.

News article - windream GmbH

Stay up-to-date: Get news about promotions and events as well as interesting facts about digital document and process management in our monthly newsletter.
Subscribe now

image description
You have questions?
Patrick Plenz marketing and corporate communications

windream News en2

Stay up-to-date and subscribe to our windream newsletter now.

Subscribe now