Log4J Update
Log4j Java Vulnerability CVE-2021-44228
Is SigmaPlot version 13, version 14 or version 14.5 affected by Log4j Java Vulnerability CVE-2021-44228?
No, SigmaPlot version 13, version 14 and version 14.5 are NOT vulnerable to Java Log4j. For more details see below.
Since SigmaPlot version 13 uses Sentinel version 7.1, and the EMS has been upgraded to version 7.5. In SigmaPlot version 14 and SigmaPlot version 14.5 we use Sentinel LDK 7.5.
All these versions of SigmaPlot are written in C++ using Microsoft Foundation Class.
Apache log4j 2.12 where the current vulnerability lies, is used by the following versions of Sentinel LDK-EMS:
- Sentinel LDK-EMS version 7.10 – only with Patch 1/2020
- Sentinel LDK version 8.0 (with or without patches)
- Sentinel LDK version 8.2 (with or without patches)
Hence SigmaPlot version 13, version 14 and version 14.5 are NOT vulnerable to Java Log4j CVE-2021-44228.