Dec
22
2021
A critical vulnerability in Apache Log4j 2 impacting versions from 2.0-beta9 to 2.14.1 has been publicly disclosed (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228).
SubscriberCRM does not use the Apache Log4j library. SubscriberCRM does include 3rd party products or plugins, and these too have been found not to use the Apache Log4j library. Notable 3rd party products or plugins include:
Crystal Reports
This is used to create specific reports from SubscriberCRM. They have confirmed they do not use the Apache Log4j library - https://answers.sap.com/questions/13545419/log4j-security-vulnerability-with-sap-crystal-repo.html.
InstallShield
This is used to install SubscriberCRM. They have confirmed they do not use the Apache Log4j library - https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905.
Adept Tools
This is used for our Sage 50 integration. They have confirmed they do not use Apache Log4j library.
SubscriberCRM should not be affected by this vulnerability.
We would always recommend keeping SubscriberCRM up to date, and so please update to the latest version if it's not already. More information about updating SubscriberCRM can be found here.