Relution not affected by log4j/log4shell gap

Be secure with Relution

For the critical vulnerability in log4j (CVE-2021-44228), an increase of warning level to red was declared by the German Federal Office for Information Security (BSI) on December 12, 2021. You can read more about this in the official BSI statement.

Immediate testing on the Relution system ensured that Relution is not affected by the vulnerability.

Relution is not based on the affected “log4j” framework but uses Logback. See Log4J2 Vulnerability and Spring Boot.

Unused libraries will be removed with the next version

Relution uses support for Splunk (splunk-library-javalogging). The framework brings log4j-core in version <2.15.0. However, Relution does not use the affected framework. Therefore, the reported vulnerability cannot be exploited in our system. Nevertheless, an optimization was performed on Relution, in which the unused library log4j-core is completely removed. The software update will be available with the next Relution Server version 5.8 next week at the latest.

Our Relution Newsletter informs as soon as the new Relution version is available.

Our Relution Release Notes inform about all new features, enhancements, and optimizations of the Relution major release versions.

The new version of Relution will contain a multitude of functions as well as optimizations and improvements. For this reason, we recommend a prompt update to the current version after the release.

Foto: MWAY