Back

Is SmartConnect affected by the vulnerable version of Apache Log4J?

Published: Nov 04, 2024
Post Author Written by Pat Roth

We are running an earlier version of SmartConnect 21 and it is packaged with a vulnerable version of Apache Log4J (CVE-2018-1285). Have newer versions of SmartConnect been patched?

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1285
https://issues.apache.org/jira/browse/LOG4NET-575


Yes! Older versions of SmartConnect 21 used log4net.dll v2.0.8 which is affected by the referenced notices.

Starting with SC 21.1.0.1523, the assembly has been updated to 2.0.17 which patches the vulnerability.

Feeling stuck? Get the support and guidance you need to help you power through any data challenge

We're on your integration team. Connect with our people and let us know how we can help you.