15 December 2021
Log4j security threat
You or your IT provider may have become aware of a significant cyber-security issue discovered yesterday involving a commonly-used software component called “Log4j”.
“Log4j” is used very widely in computer software, like cement is very widely used in buildings, so the discovery of this threat is of significant concern worldwide.
The threat — known in the industry as CVE-2021-44228 — involves certain versions of Log4j potentially enabling hackers to take full control of a vulnerable machine, thereby significantly compromising all aspects of the machine, the networks to which it connects, and the data stored on it.
Detailed technical information about the threat can be found at https://www.cve.org/CVERecord?id=CVE-2021-44228
Log4j and the FileMaker platform
Decent Group software is built on the FileMaker platform which is produced by Claris International Inc., which is a subsidiary of Apple.
Claris International Inc. has released a statement today confirming:
- Claris FileMaker Server 18 and 19, Claris FileMaker Pro, and Claris FileMaker Cloud are not impacted by the Log4J2 zero-day vulnerability and no further action is needed.
- The Log4j vulnerability affects package versions from 2.0 to 2.14. FileMaker Server 16 and 17 use an earlier version of Apache Log4j that is not impacted.
It is therefore Decent Group’s understanding that FileMaker software from version 16 onwards is unaffected by the vulnerability, meaning no action is required in respect of FileMaker-powered software.
Claris officially support only newer versions of the FileMaker platform and it is recommended that users of older versions should upgrade to these. Upgrades can be complex to carry out well so please contact Decent Group for advice on how to proceed. Call 01793 250 198 or email firstname.lastname@example.org
Other software installed on your systems may use Log4j as a component. Please act on any advice you receive from software vendors or your IT team to make sure any threat is eliminated.