Therefore News & Blog

Log4J Vulnerability – Therefore™ Unaffected

diciembre, 14 by  |  Announcements, Events, Webinars

Therefore™ Statement on Log4J Vulnerability



In mid-December 2021, a security vulnerability in the Log4J Java library was made public (CVE-2021-44228). This vulnerability in the Java logging libraries can allow unauthorized remote code execution and access to affected, unpatched servers.



Neither Therefore™ Online nor Therefore™ On-Premise are affected by this vulnerability.

Nearly all Therefore™ applications are developed in C++, C#, and JavaScript, and are thus unaffected.

The only Therefore™ component that uses Java is the Therefore™ MEAP app (also known as the Therefore™ MFP Application). Therefore Corporation developers have thoroughly checked this app and confirmed that it does not use Log4J. The app is thus unaffected by the vulnerability.


Additional Information:

Therefore™ makes use of an open source component called Log4Net. This is a logging library written in C# for .NET, not Java. Log4Net is thus unaffected by the Log4J vulnerability since the programming and the component itself are different and separate.


Therefore News & Blog


  • No hay categorías