Revolving around the core of technology
National Institute of Standards and Technology (NIST) logged in a new vulnerability regarding Log4J on Dec 19, 2021. Log4J is a common library from Apache Foundation used in products published by numerous companies. Following products from Synametrics Technologies also use this library:
Although the affected version of the library is used in products published by Synametrics, the actual file with the problem is not. The vulnerability affects products that use JMSAppender class in Log4J, which is used to send logged messages to a remote computer using JMS Messaging.
Log files in products from Synametrics are only written to local disks, not across the network.
Although none of the products are affected, out of an abundance of caution, follow the steps below if you would like to patch this library on your end.
log4j.jar from here.
This modified version does not contain JMSAppender class, which is causing the problem. Since this class is not used, you will not
get any runtime errors.22486aa01a6352b8c6068cf9dd545221| Software | Operating System | Location |
|---|---|---|
| Xeams | Windows | C:\Xeams\lib |
| Xeams | Linux | /opt/Xeams/lib |
JMSAppender and SocketServer classes.
Click here to download a
pre-release edition of v5.3. This link will not work after Jan 17, 2022. Follow these instructions in order to
patch Syncrify on your end. You will need a valid support contract in order to upgrade.
JMSAppender and SocketServer) classes. You will need a valid support contract in order to upgrade.