Critical vulnerability in log4j published
The BSI has raised the IT threat level to 4/red due to the critical vulnerability in log4j.
In this context we would like to inform you that calServer is not affected by the vulnerability. Your data is safe and protected as usual. Since the affected version of log4j2 was not used in our services at any time, there was never a risk of compromise by this vulnerability.
We rely on the solutions of the service Snyk in the context of a consistent and permanent vulnerability analysis. In addition to the permanent analysis, we immediately performed a separate scan for the Log4j vulnerability. Again, no vulnerabilities were found.
Our internal resources are here permanently analyzed with the Snyk code monitoring, our external resources(your cloud service) were additionally tested with the log4j-scan vulnerability scanner. Furthermore, the recommendations for handling log4j and Docker of the Docker Blog were implemented in the latest version of calServer.