Log4j2 vulnerability status
At present, it does not appear that any of the Java programs
distributed with BIRCH presents vulnerabilities due to the log4j2
exploit. We have confidence in this assertion for several
reasons:
- Log4j2 applies only to Java applications.
- A scan of all Java applications, including source code and .jar files, was done to identify potentially vulnerable applications.
- Some older applications use versions of log4j that are not susceptible to this exploit.
- None of these applications acts as a web or peer-to-peer server.
- All BIRCH applications run with user permissions only. None uses admin permissions.
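One way a scan of .jar files like the one mentioned above could be carried out, as an added example (not BIRCH's own scanning code): it looks inside each archive, including nested archives, for the log4j-core JndiLookup class and Maven version metadata, and reports log4j 1.x separately. The function names and result labels are assumptions made for this example.

```python
import io
import sys
import zipfile
from pathlib import Path

# Archive entries used as markers (labels in the findings are this example's own)
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"  # log4j-core 2.x
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
LOG4J1_CLASS = "org/apache/log4j/Logger.class"  # older log4j 1.x line
ARCHIVE_EXTS = (".jar", ".war", ".ear")

def scan_archive(data, label, findings, depth=0):
    """Inspect one archive (bytes) and recurse into archives nested inside it."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        findings.append((label, "unreadable", None))  # needs a manual look
        return
    with zf:
        names = set(zf.namelist())
        version = None
        if POM_PROPS in names:
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
        if JNDI_CLASS in names:
            findings.append((label, "log4j2-jndilookup", version))
        elif version is not None:
            findings.append((label, "log4j2-core-no-jndilookup", version))
        if LOG4J1_CLASS in names:
            findings.append((label, "log4j1", None))
        if depth < 5:  # bound recursion into fat jars
            for name in names:
                if name.lower().endswith(ARCHIVE_EXTS):
                    scan_archive(zf.read(name), f"{label}!/{name}", findings, depth + 1)

def scan_tree(root):
    """Walk root and return sorted (path, kind, version) findings."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXTS:
            scan_archive(path.read_bytes(), str(path), findings)
    return sorted(findings, key=lambda f: (f[0], f[1]))

if __name__ == "__main__":
    for finding in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(*finding, sep="\t")
```

The version column is only filled in when the archive carries Maven metadata; a finding without a version still needs the library version confirmed by other means.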
Out of an abundance of caution, further investigation into this potential problem is
ongoing. This message will be updated accordingly.
We will take this opportunity to remind all BIRCH users that your best defenses against
potential security threats are to
- run system updates on a routine basis
- back up your files offsite (e.g. to the cloud or network-attached storage)
- change your passwords frequently.