Latest iText products are not affected by Log4j2 vulnerability

In case you have any concerns about the recent Log4j vulnerability, we can assure you that the iText Suite (5 & 7) are not affected by this issue. iText DITO might be falsely flagged as potentially affected, but we are happy to let you know it is not. Read on for more details.

vulnerability main image

As you might be aware, a Log4j2 vulnerability was reported on December 9 2021. The remote code execution vulnerability CVE-2021-44228 was found in the Apache Log4j library, a part of the Apache Logging Project. If a product uses a vulnerable version of this library with the JNDI module for logging purposes, there is a high possibility that this vulnerability can be exploited. (Source: https://securelist.com/cve-2021-44228-vulnerability-in-apache-log4j-library/105210/).

In case you have any concerns about this related to iText products, we can assure you that the iText Suite (5 & 7) are not affected by this issue. iText DITO might be falsely flagged as potentially affected, but we are happy to let you know it is not. While we do have a log4j dependency on the Manager component, the JDK version used within the container is not part of the vulnerability.

However, to address any concerns, we will be releasing an update this week for iText DITO to resolve this false positive.



お問い合わせ

それでも問題が解決しませんか? 

お寄せいただいたご質問には、喜んでお答えいたします。当社へご連絡ください。内容を確認次第、追ってご連絡いたします。

問い合わせる
常に最新情報を得る

11,000人以上の購読者に加わって、iTextの新しい製品、アップデート、ヒント、記述的な解決策や出来事に関する最新情報を得ることでiText PDF専門家になりましょう。

今すぐ購読