Latest iText products are not affected by Log4j2 vulnerability

In case you have any concerns about the recent Log4j vulnerability, we can assure you that the iText Suite (5 & 7) are not affected by this issue. iText DITO might be falsely flagged as potentially affected, but we are happy to let you know it is not. Read on for more details.

vulnerability main image

As you might be aware, a Log4j2 vulnerability was reported on December 9 2021. The remote code execution vulnerability CVE-2021-44228 was found in the Apache Log4j library, a part of the Apache Logging Project. If a product uses a vulnerable version of this library with the JNDI module for logging purposes, there is a high possibility that this vulnerability can be exploited. (Source: https://securelist.com/cve-2021-44228-vulnerability-in-apache-log4j-library/105210/).

In case you have any concerns about this related to iText products, we can assure you that the iText Suite (5 & 7) are not affected by this issue. iText DITO might be falsely flagged as potentially affected, but we are happy to let you know it is not. While we do have a log4j dependency on the Manager component, the JDK version used within the container is not part of the vulnerability.

However, to address any concerns, we will be releasing an update this week for iText DITO to resolve this false positive.



Contacto

¿Aún tiene preguntas? 

Estamos encantados de responder a sus preguntas. Comuníquese con nosotros y le responderemos a la brevedad.

Contáctenos
Manténgase actualizado

Únase a más de 11,000 suscriptores y conviértase en un experto en iText PDF al mantenerse al día con nuestros nuevos productos, actualizaciones, consejos, soluciones técnicas y eventos.

Suscríbase ahora