National Institute of Standards and Technology (NIST) logged in a new vulnerability regarding Chainsaw, which also affected Log4J on Jan 18, 2022. Log4J is a common library from Apache Foundation used in products published by many companies, including the Xeams.
Chainsaw is a GUI-based application that can be used to view log files. Although Xeams does not use this application internally, a third-party library used in Xeams includes this application. Therefore, a user with malicious intent and access to the machine running Xeams could run this application.
Log4J is used in two components:
AppLauncher.jar, which is used to restart Syncrify/SynaMan. This file is not updated automatically. Therefore, follow the steps below to update this file.
unzip -l lib/SynaMan.jar | grep -i chainsaw
unzip -l patches/AppLauncher.jar | grep -i chainsaw
patches/AppLauncher.jarto another folder, such as
Syncrify.jar, whichever is applicable in your case.