Latest iText products are not affected by Log4j2 vulnerability

In case you have any concerns about the recent Log4j vulnerability, we can assure you that the iText Suite (5 & 7) are not affected by this issue. iText DITO might be falsely flagged as potentially affected, but we are happy to let you know it is not. Read on for more details.

Share this article

vulnerability main image

As you might be aware, a Log4j2 vulnerability was reported on December 9 2021. The remote code execution vulnerability CVE-2021-44228 was found in the Apache Log4j library, a part of the Apache Logging Project. If a product uses a vulnerable version of this library with the JNDI module for logging purposes, there is a high possibility that this vulnerability can be exploited. (Source: https://securelist.com/cve-2021-44228-vulnerability-in-apache-log4j-library/105210/).

In case you have any concerns about this related to iText products, we can assure you that the iText Suite (5 & 7) are not affected by this issue. iText DITO might be falsely flagged as potentially affected, but we are happy to let you know it is not. While we do have a log4j dependency on the Manager component, the JDK version used within the container is not part of the vulnerability.

However, to address any concerns, we will be releasing an update this week for iText DITO to resolve this false positive.



문의

문의가 해결되지 않았습니까? 

저희가 도와드리겠습니다. 연락해 주시면 빠르게 답변해 드리겠습니다.

문의하기
최신 정보를 받아보세요

11,000명 이상의 가입자와 함께 새로운 제품, 업데이트, 팁, 기술 솔루션 및 기회에 대한 최신 정보를 받아보시면서 iText PDF 전문가가 되어보세요.

지금 구독하기