Log4j security vulnerability, CVE-2021-44228 / Log4Shell / LogJam

I am wondering if the robots are affected by the security hole that was discovered with log4j, since newer versions of Polyscope use this API.

From what I have read so far, the vulnerability applies to all versions up to Log4j 2.15.

3 Likes

We are currently investigating how vulnerable the robots are to this exploit. Updated versions of log4j will be part of our next standard release. But if there is a security risk, we will release a special software update sooner.

There are also recommendations for mitigation by the Apache Foundation. For example, removing the JndiLookup.class from the modified-log4jcore jar file. We are checking these at the moment too. But maybe they are an option for you to apply if you feel your robot is especially at risk. Please make a backup of the file before attempting anything, just in case.

2 Likes
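
The mitigation mentioned in the reply above (back up the jar, then remove JndiLookup.class from it), as an added example that is not part of the original thread and not the vendor's code. It assumes Python 3 is available where the jar is stored and that the class sits at its standard path inside log4j-core; the jar path is supplied by you.

```python
import shutil
import sys
import zipfile
from pathlib import Path

# Standard location of the class inside a log4j-core jar (assumed here).
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"


def has_jndi_lookup(jar_path):
    """Return True if the jar still contains JndiLookup.class."""
    with zipfile.ZipFile(jar_path) as jar:
        return JNDI_LOOKUP in jar.namelist()


def strip_jndi_lookup(jar_path):
    """Back up the jar, rewrite it without JndiLookup.class, return the backup path.

    Returns None and leaves the jar untouched if the class is not present."""
    jar_path = Path(jar_path)
    if not has_jndi_lookup(jar_path):
        return None
    backup = jar_path.with_name(jar_path.name + ".bak")
    if backup.exists():
        raise FileExistsError(f"refusing to overwrite existing backup {backup}")
    shutil.copy2(jar_path, backup)
    # zipfile cannot delete an entry in place, so copy every other entry across.
    tmp = jar_path.with_name(jar_path.name + ".tmp")
    with zipfile.ZipFile(backup) as src, \
            zipfile.ZipFile(tmp, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            if item.filename != JNDI_LOOKUP:
                dst.writestr(item, src.read(item.filename))
    # Verify the rewritten archive before it replaces the original.
    with zipfile.ZipFile(tmp) as check:
        if check.testzip() is not None or JNDI_LOOKUP in check.namelist():
            tmp.unlink()
            raise RuntimeError("rewritten jar failed verification; original kept")
    tmp.replace(jar_path)
    return backup


if __name__ == "__main__":
    # Usage: python strip_jndi.py /path/to/log4j-core.jar
    print(strip_jndi_lookup(sys.argv[1]))
```

The application has to be restarted before the change takes effect, and `has_jndi_lookup` can be run again afterwards to confirm the class is gone.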