Last update: 16/12/2021
Status PDF-AS log4j Vulnerability
Dear Ladies and gentlemen, From the current perspective, there is no need for action on PDF-AS with regard to the log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046. In detail, the problematic component for CVE-2021-44228 is in the logger backend implementation of log4j and thus in the file "log4j-core-xxx.jar", whereby all versions between 2.0.0 and <2.16.0 are affected. This does not affect, for example, the log4j API "log4j-api-xxx.jar", since it only provides the interface but no implementation, or log4j bridges, such as "log4j-to-slf4j-xxx.jar", as this only provides one…
ICT security