Latest iText products are not affected by Log4j2 vulnerability

In case you have any concerns about the recent Log4j vulnerability, we can assure you that the iText Suite (5 & 7) are not affected by this issue. iText DITO might be falsely flagged as potentially affected, but we are happy to let you know it is not. Read on for more details.

Share this article

vulnerability main image

As you might be aware, a Log4j2 vulnerability was reported on December 9 2021. The remote code execution vulnerability CVE-2021-44228 was found in the Apache Log4j library, a part of the Apache Logging Project. If a product uses a vulnerable version of this library with the JNDI module for logging purposes, there is a high possibility that this vulnerability can be exploited. (Source: https://securelist.com/cve-2021-44228-vulnerability-in-apache-log4j-library/105210/).

In case you have any concerns about this related to iText products, we can assure you that the iText Suite (5 & 7) are not affected by this issue. iText DITO might be falsely flagged as potentially affected, but we are happy to let you know it is not. While we do have a log4j dependency on the Manager component, the JDK version used within the container is not part of the vulnerability.

However, to address any concerns, we will be releasing an update this week for iText DITO to resolve this false positive.



Contact

Vous avez d'autres questions ?

Nous y répondrons avec plaisir. Contactez-nous et nous reviendrons vers vous sous peu.

Contactez-nous
Restez à jour

Rejoignez plus de 11 000 abonnés et devenez un expert iText PDF en vous tenant au courant de nos nouveaux produits, mises à jour, conseils, solutions techniques et événements.

Abonnez-vous