No Indication That SecureLink Products Are Affected By Log4j Vulnerability

The SecureLink Informational Security team is aware and tracking the developing information regarding the vulnerability reported in the Java logging library (Log4j). At this time, our team has found no indication that any SecureLink product has been affected by the vulnerability.

What Is The Vulnerability?

Log4j is one of the most widely-used logging libraries used online, and is often used for data tracking and auditing. The current vulnerability could offer a pathway for hackers to break into a system’s servers through this open-source software. 

Your SecureLink Product Is Safe

On Dec. 10th, our team validated that the Log4j Core library (log4j-core) is not present in any java classpaths currently deployed by our products. In addition, the Apache Software Foundation, published a patch for the vulnerability on Friday, Dec. 17th. 

SecureLink does not use log4j for logging; however, we do use log4j-related libraries (such as log4j-api) which are simply bridge libraries to make software that attempts to log to log4j actually write to the logger installed in the software. 

As always, SecureLink will continue to test and monitor this situation, and will send additional correspondence if warranted. Please do not hesitate to reach out with any further questions or concerns, either by contacting our Success team at csm@securelink.com or opening a ticket with our Support team.