Is Docklight affected by the log4j vulnerability CVE-2021-44228?

Is Docklight affected by the log4j vulnerability CVE-2021-44228?

Applies to: Docklight, Docklight Scripting, Docklight Pro Monitor, Docklight DLL, Article ID: dl_faq063

Our Docklight software products are NOT AFFECTED by the log4j vulnerability.

Technical Background:

– None of our software products and software packages (setup.exe) are built using Java or Java libraries (.jar).

– Our software does not include any other telemetry / usage logging components. We fully respect your data and privacy. For more information see the below link concerning our perpetual license model.

Additional precautionary steps taken:

– For our “Docklight DLL” API library, one of the usage examples is a Java integration example which includes the COM binding API library “com4j”. As a precaution, we ran a dedicated scanner (log4j2-scan.exe by Korean company logpresso) and found no vulnerability in the example.

– We checked our development PCs with log4j2-scan.exe. No vulnerability detected.

– We reviewed the source code of the log4j2-scan and can confirm the software code does what it says in the documentation.

For any additional security-related question concerning Docklight, please do not hesitate to contact us!

logpresso log4j2-scan CVE-2021-44228 vulnerability scanning and mitigation patch

Docklight Lifetime License and why we do not use telemetry components

Contact Us