TargetStream Software Not Impacted by Recent Log4j Vulnerability

Filed in News by on December 13, 2021

The recent Log4j vulnerability is CVE-2021-44228. StreamEDS does not use log4j and is not impacted by this vulnerability. More specifically, this vulnerability does not impact any of StreamEDS headless, StreamEDS Workbench (the GUI), StreamEDSN, or the default StreamEDS workspace.

This vulnerability exists in the log4j-core library of Log4j2 versions less than 2.15.0. None of the StreamEDS products include the log4j-core library. A few third-party libraries use the log4j API, but those libraries also do not include log4j-core.

StreamEDP back to 2013 also did not include Log4j 2. Because Log4j 2 was released in July 2014, this means no version of StreamEDP contains the log4j-core library from Log4j 2. StreamA2P likewise predates the vulnerable log4j-core library from Log4j 2 and could never include it, although StreamA2P did use Log4j 1.

-TargetStream Security Team

Comments are closed.