We are pleased to inform you that Questetra is not affected by the Log4j vulnerability reported in CVE-2021-44228.
Please feel safe using Questetra BPM Suite.
Basis for judgment
- The class that implements the specification in question in Log4j (org.apache.logging.log4j.core.lookup.JndiLookup) is not included
- The old JDKs that are capable of JNDI code injection attacks are not used