- Article type
- APCON Statement
- Published on
APCON products do not use Apache Log4j
- Updated on
- Wilsonville, Oregon
APCON products/services DO NOT USE Apache Log4j and are unaffected by remote code execution vulnerabilities classified as CVE-2021-44228.
As reported in the media, an exploit code has been released for a serious code-execution vulnerability (CVE-2021-44228) in Log4j, an open-source logging utility that's used widely in applications, including those used by large enterprise organizations and a host of popular frameworks. None of the services, software, or infrastructure provided by APCON include Log4j, thus APCON clients are not impacted by this vulnerability. For those affected, The U.S. Cybersecurity and Infrastructure Security Agency encourages users and administrators of Log4j versions 2.0 through 2.14 to upgrade to Log4j 2.15.0 or apply recommended mitigations immediately.