This Knowledgebase provides information regarding the Apache Log4j security vulnerability (CVE-2021-44228). UPDATED March, 21 2022
It has come to Neverfail’s attention that a vulnerability classified under the highest severity mark of 10 has affected Apache Log4j v2. Neverfail is aware of this vulnerability. This is an open source Java library that is used by many software providers around the world.
Neverfail Continuity Engine has recently released a new version (v9 UPDATE 3) which fully addresses concerns over Apache Log4j. The current version of Continuity Engine now uses the latest version (2.17) of Apache Log4j APIs. Continuity Engine in previous (legacy) versions ONLY used Log4j to write out its own system logs. This is why Neverfail found the risk to be very low. Although Continuity Engine does not use components that exhibit the vulnerabilities that we have seen when certain Log4j APIs are used, Continuity Engine was using the older version 1 of the APIs that are no longer supported.
Therefore in December 2021, Neverfail made a decision to update Continuity Engine to the latest version of Log4j so there was no "perception" of vulnerability and it will use supported APIs where the (CVE-2021-44228) vulnerabilities have been remediated.
For more information on how to upgrade to version 9 UPDATE 3, please see the following links:
If you would like assistance with the upgrade process, Neverfail Professional Services are here to help! Please contact your Neverfail Account Manager at firstname.lastname@example.org
and they will be able to give you professional services options to assist with the upgrade process.