Syniti is aware of the Apache Log4j issues (CVE-2021-44228 & CVE-2021-45046) and is working diligently to understand and address the impact of this vulnerability. Based on our assessment, the only Syniti software product impacted is the Knowledge Tier, and we have addressed it as follows:
- December 10th 2021: The impacted component of the Knowledge Tier has been updated to use version 2.16 of log4j.
- January 5th 2022: Due to a new report of a vulnerabilities (CVE-2021-45105 & CVE-2021-44832), The impacted component of the Knowledge Tier has been updated to use version 2.17.1 of log4j.
If you have any questions or concerns about this issue please submit a ticket to our support team.