Published on December 17, 2021.

Log4j Vulnerability

We are getting requests from our customers who are concerned about the so-called Log4j vulnerability.
Log4j is an open source, Java-based Apache logging framework which can be used to record and document messages created by software applications. The recently discovered vulnerabilities (CVE-2021-44228 and CVE-2021-45046) affect several Log4j 2.X versions and allow remote code extraction due to erroneous handling of JNDI constructs. See for more information. 
We have performed a dependency analysis for BTC EmbeddedPlatform. BTC EmbeddedPlatform is not using Log4j as a logging mechanism.
Although Log4j is not used, a non-affected Log4j 1.x version (see is part of the BTC EmbeddedPlatform installation via the underlying Eclipse framework.  
Therefore, we can confirm, that none of our BTC EmbeddedPlatform Releases are affected by CVE-2021-44228 and CVE-2021-45046.