Applies to: Docklight, Docklight Scripting, Docklight Pro Monitor, Docklight DLL, Article ID: dl_faq063
Our Docklight software products are NOT AFFECTED by the log4j vulnerability.
Technical Background:
– None of our software products and software packages (setup.exe) are built using Java or Java libraries (.jar).
– Our software does not include any other telemetry / usage logging components. We fully respect your data and privacy. For more information see the below link concerning our perpetual license model.
Additional precautionary steps taken:
– For our “Docklight DLL” API library, one of the usage examples is a Java integration example which includes the COM binding API library “com4j”. As a precaution, we ran a dedicated scanner (log4j2-scan.exe by Korean company logpresso) and found no vulnerability in the example.
– We checked our development PCs with log4j2-scan.exe. No vulnerability detected.
– We reviewed the source code of the log4j2-scan and can confirm the software code does what it says in the documentation.
For any additional security-related question concerning Docklight, please do not hesitate to contact us!
logpresso log4j2-scan CVE-2021-44228 vulnerability scanning and mitigation patch
Docklight Lifetime License and why we do not use telemetry components