This security bulletin follows an alert released on December 10^th 2021 and related to the newly discovered Log4j Apache library vulnerability dubbed Log4Shell.

ARC Informatique invites all users of its products to actively watch for software and hardware updates addressing Log4Shell. It is advised to test them prior to deployment on production system. Such tests should cover effectiveness, performances and regressions.

ARC Informatique’s products are NOT affected by this vulnerability, therefore no update is required. The library Log4j is not used or included in any supported or unsupported release of our products.

At the time of writing, no third-party product distributed by ARC Informatique is known to be affected.

Nevertheless, the hosting environment and network components might be affected and require close attention and careful inspection. Security updates will be necessary for products and services using affected versions of Log4j. We recommend you to refer to vendors of these products and services.

Last update: January 7th, 2022