0
Under review

Log4j vulnerability

J J 12 months ago in General updated by ComfortClick Support 12 months ago 2

Is bOS client and server affected by Log4j vulnerability?

Hello,

Log4j is specific for Java software. I think that both client and server are programmed in .NET, which is not Java.


Nonetheless, I've found log4net dll on the Windows bOS server, which is a port of the Apache Log4j framework to the Microsoft .NET runtime. I assume that the core of bOS might be written in .NET Framework-compatible software framework, like MONO.


So assuming that bOS might be using the log4net port of Log4j (at least on Windows based servers) maybe the team can tell us if we have reasons to be worried, and if anything is being done to prevent security problems.


Best regards

Under review

Hello,

Ricardo is right, bOS is mostly progammer in .NET so log4j is not used in our software. However as Ricardo pointed out, we are using log4net but only for bOS translator, which is a separate app, but the .dll is also included in config and server installation. In any case, log4net is not effected by the same vulnerability as log4j.

Best regards,