For clarity: Storegate’s services are not affected by the Log4Shell vulnerability in Log4j. To be affected, you need to have a software that uses this logging framework and Storegate does not have that.
The Log4Shell issue
Log4j is a Java logging framework to log data in the Java platform. Logging framework facilitates and standardizes the logging process when developing in the Java platform. In particular, it provides flexibility by avoiding special output to the console, as the logs written become independent of the code and can be customized at runtime.
Unfortunately, the Java platform did not include logging in its initial release, so by the time the Java Logging API was added, several other logging frameworks such as Apache Commons Logging and Log4j had already been adopted. This led to problems when integrating different third-party libraries that each had different logging frameworks. With the discovery of the Log4Shell vulnerability in Log4j, it is difficult to find where in the code it is located. Simply put, the programs that contain this framework can be “hacked into”.
As far as the use of our services is concerned, you do not need to worry in any way as we do not use the Java platform for our services. Of course, the Log4Shell issue is not the only threat and we PEN-test our services continuously to find any other vulnerabilities.
If you have any further questions on the subject, please contact Storegate Support.
