Researchers have discovered a critical vulnerability (CVE-2021-44228, CVE-2021-45046) in the Apache Log4j library that affects millions of applications.
We would like to assure all our users that ISL Online software does not use Log4j and IS NOT affected by the Log4Shell vulnerability.
A remote code execution (RCE) zero-day vulnerability (CVE-2021-44228, CVE-2021-45046) was discovered in Apache Log4j, a widely used Java logging library. It enables threat actors to take complete control of servers without authentication.
If you want to learn more about this vulnerability and how to mitigate it, LunaSec has published a detailed blog post about it.
ISL Online is not vulnerable
Our engineering and information security teams have conducted a comprehensive assessment of the Log4Shell vulnerability (CVE-2021-44228, CVE-2021-45046). We have not identified any material exposure to the Log4j vulnerability that would affect the safe use of ISL Online’s products.
We will continue to monitor the situation and reassess the vulnerability as necessary.
Keep your ISL Online software up to date
As mentioned earlier, ISL Online does not use Log4j, so the update is not critical. However, we recommend that our users always use the latest version of the ISL Online software.
If you are a Hosted Service (SaaS) user, you are always using the latest version of ISL Online, which includes all the latest features and security enhancements.
If you are a Server License user, we recommend that you keep your ISL Conference Proxy up to date and follow security best practices.