CVE-2021-44228 / LOG4SHELL / log4j vulnerability

Last modified by Arthur Heffern on 2021/12/14 23:01

We have completed a material audit of the iSymphony codebase and dependencies and have determined that iSymphony v3 is NOT vulnerable to CVE-2021-44228. iSymphony has utilized logback as it's primary logging facility provider since its inception which does not suffer as a vector relating to this vulnerability. We have completed approximately 95% of an audit of the remaining dependency graph and have confirmed that all apparent packages thus far are also not impacted. To be as thorough as possible, we are continuing a comb through of all remaining dependencies, double & triple checking our work and will update our customers via this page if there is any other discovery or findings.

   
iSymphony