Log4j vulnerability (CVE-2021-44228)
After an in-depth investigation, we determined that while log4j is present in all product versions, it is not one of the versions affected by the recent critical vulnerability CVE-2021-44228 and does not contain the JNDILookup plugin. Also, the logging function is already disabled in all product versions.
Therefore, no immediate action is required at this time.
- Backup server, Pro Backup, PC Backup, version 188.8.131.52 (and above) are not vulnerable to CVE-2021-44228 (Log4j vulnerability).
- Backup server, Pro Backup, PC Backup version 184.108.40.206 with hotfix 220.127.116.11+ and earlier versions (v6.29.x) are not vulnerable.
- Android/iPhone app 1.6+ is not vulnerable.
There will be another hotfix coming soon that will remove log4j completely from the products.
version 7.x, will be EOL as of Jan 1, 2022. No further improvements, development or hotfixes will be made.
version 6.x, is EOL as of December 31, 2018. No further improvements, development, or hotfixes are made.
If you are still using one of these older versions and want to upgrade, please contact us.« Back to news