Log4j Security Vulnerability News

  • Rochester Software Associates
  • |
  • January 14, 2022

On December 10, 2021, a critical security vulnerability was announced for the Apache Log4j software library. Log4j is developed by Apache and is a Java component which is widely used for logging purposes. It is frequently incorporated into Java-based software applications.

RSA’s Security Incident Response team was immediately engaged to assess the level of vulnerability for our customers. We quickly determined that certain versions of RSA’s WebCRD and QDirect software solutions were indeed vulnerable.

RSA’s Software Engineering team quickly developed a configuration change followed by a software patch to protect our customers. The changes remove the risk by disabling lookups via system properties. Fortunately, RSA was able to “push” the changes to most most of our customers in an automated fashion, ensuring that most were protected within several days. A small subset of our customers needed to be patched manually by RSA. This work is very nearly complete.

RSA does not have any evidence to suggest that any of our customer systems or internal systems were successfully breached due to this exposure.

Future releases of RSA WebCRD and QDirect will include the updated version of the Log4j library. As always, we encourage all eligible customers to request an upgrade from RSA by contacting us at service@rocsoft.com.

If you have questions about this security vulnerability or any other, please feel to contact us at service@rocsoft.com.

Search Related Content

About the Author

Rochester Software Associates

Rochester Software Associates (RSA) is the only company in the industry to provide prepresstransformoutput management, and Web to Print software solutions to support digital production print workflows. For over 35 years, our customers have used RSA solutions to turn printing into productivity™, automating their print centers and seamlessly converging printing from the data center, in-plant, and distributed enterprise print environments. RSA’s proprietary AnyPrint™ technology works across production printers, enabling RSA software to send fully ticketed print jobs to all production print devices from the major print vendors, eliminating the need to manually re-ticket jobs. 

RSA's AnyPrint technology is a core technology embedded in all RSA products. Products like WebCRD, the leading Web to print software for in-plants, QDirect Output Manager, and ReadyPrint prepress software maximize employee productivity and corporate profitability, boost operating efficiency, increase print volume without increasing staff, and delight customers with better turnaround times and 24/7 access. 

For more information, visit https://www.rocsoft.com.

Stay Connected with RSA: Sign Up for Our Newsletters

Copyright © 2024 Rochester Software Associates, Inc. All Rights Reserved.

This website uses first and third-party cookies to ensure you have the best experience with our content. You may deactivate and delete these cookies using your browser cookie settings. If you do, some parts of our website may not function as intended. Read Cookie Policy.