Log4j Security Vulnerability News

  • Rochester Software Associates
  • |
  • January 14, 2022

On December 10, 2021, a critical security vulnerability was announced for the Apache Log4j software library. Log4j is developed by Apache and is a Java component which is widely used for logging purposes. It is frequently incorporated into Java-based software applications.

RSA’s Security Incident Response team was immediately engaged to assess the level of vulnerability for our customers. We quickly determined that certain versions of RSA’s WebCRD and QDirect software solutions were indeed vulnerable.

RSA’s Software Engineering team quickly developed a configuration change followed by a software patch to protect our customers. The changes remove the risk by disabling lookups via system properties. Fortunately, RSA was able to “push” the changes to most most of our customers in an automated fashion, ensuring that most were protected within several days. A small subset of our customers needed to be patched manually by RSA. This work is very nearly complete.

RSA does not have any evidence to suggest that any of our customer systems or internal systems were successfully breached due to this exposure.

Future releases of RSA WebCRD and QDirect will include the updated version of the Log4j library. As always, we encourage all eligible customers to request an upgrade from RSA by contacting us at service@rocsoft.com.

If you have questions about this security vulnerability or any other, please feel to contact us at service@rocsoft.com.

Share
Search Related Content

About the Author

Rochester Software Associates

Rochester Software Associates (RSA) is the only company in the industry to provide prepress, transformoutput management, and web to print software solutions to support digital production print workflows. For over 30 years, our enterprise customers have used RSA solutions to turn printing into productivity™, automating their print centers and seamlessly converging printing from the data center, in-plant, and distributed enterprise print environments.

Products like WebCRD™, the leading Web to print software provider for in-plants, QDirect™ Output Manager, and ReadyPrint™ prepress software maximize employee productivity and corporate profitability, boost operating efficiency, increase print volume without increasing staff, and delight customers with better turnaround times and 24/7 access.

For more information, visit https://www.rocsoft.com.

Stay Connected with RSA: Sign Up for Our Newsletters

Copyright © 2022 Rochester Software Associates, Inc. All Rights Reserved.

This website uses first and third-party cookies to ensure you have the best experience with our content. You may deactivate and delete these cookies using your browser cookie settings. If you do, some parts of our website may not function as intended. Read Cookie Policy.