croit is not affected by the recent log4j exploit

2021-12-13

#Not affected by CVE-2021-44228

Since we’ve been asked about the critical bug in a lot of Java software, we feel compelled to offer some feedback on the log4j bug.

In light of the recent vulnerabilities around Log4J we have undertaken a review of our code to ensure that we are not exposed to any of these vulnerabilities. We are happy to confirm that within our platform we do not make use of Log4J and as such are not exposed to any of the vulnerabilities that it exposes. Our software uses logback via slf4j and thus does not use the faulty log4j component.

Regardless, we always recommend not running mission-critical software publicly on the Internet. And we would classify storage management as mission-critical, which is why it should never be accessible and vulnerable from the outside.

If you have further questions, please email support@croit.io.