National Institute of Standards and Technology (NIST) logged in a new vulnerability regarding Log4J on Dec 19, 2021. Log4J is a common library from Apache Foundation used in products published by numerous companies. Following products from Synametrics Technologies also use this library:
Although the affected version of the library is used in products published by Synametrics, the actual file with the problem is not. The vulnerability affects products that use JMSAppender class in Log4J, which is used to send logged messages to a remote computer using JMS Messaging.
Log files in products from Synametrics are only written to local disks, not across the network.
Although none of the products are affected, out of an abundance of caution, follow the steps below if you would like to patch this library on your end.
log4j.jarfrom here. This modified version does not contain
JMSAppenderclass, which is causing the problem. Since this class is not used, you will not get any runtime errors.
SocketServerclasses. Click here to download a pre-release edition of v5.3. This link will not work after Jan 17, 2022. Follow these instructions in order to patch Syncrify on your end. You will need a valid support contract in order to upgrade.
SocketServer) classes. You will need a valid support contract in order to upgrade.