Recent reports about a security vulnerability related to CVE-2021-44228 Apache Log4j 2 RCE – log4shell have come to our attention. Please know that nQzw’s Enterprise Platform does not include Log4j jar files affected by this vulnerability.
While Enterprise Platform does include Log4j version 1.2, it is not configured in a way that is vulnerable relevant to the related report (CVE-2021-4104). Nevertheless, and in an abundance of caution, we do plan to remove Log4j from the installation in the future.
Please understand that security is always our number one priority, and we will continue to monitor for any potential security vulnerabilities and communicate to you as any risks present themselves.
For questions or concerns, please reach out to firstname.lastname@example.org.