We are pleased to inform you that Questetra is not affected by the Log4j vulnerability reported in CVE-2021-44228.
Please feel safe using Questetra BPM Suite.

Basis for judgment

  • The class that implements the specification in question in Log4j (org.apache.logging.log4j.core.lookup.JndiLookup) is not included
  • The old JDKs that are capable of JNDI code injection attacks are not used

%d bloggers like this: