Sectigo nos envía la siguiente comunicación relacionada con la vulnerabilidad de la Java logging library ("Log4j"):
Sectigo is aware of the vulnerability reported with Java logging library ("Log4j") under CVE-2021-44228. Our infrastructure and development teams have confirmed that Log4j is not used in our applications and products, and as such, there are no known threats to your existing Sectigo solutions due to Log4j. We will continue to monitor the situation and alert you of any changes if necessary.
If you have any further questions, don't hesitate to contact our support team.
Sincerely,
Sectigo
Han puesto en la entrada del SCM el siguiente aviso:
Please accept the following Notification
There Are Currently No Threats to Sectigo Solutions
https://sectigo.com/resource-library/sectigo-update-on-log4j-java-logging-exploit
Over the past week, there has been a lot of news surrounding a newly discovered Remote Code Execution (RCE) exploit within the Java logging library (Log4j) under CVE-2021-44228. This exploit potentially affects over a third of web servers worldwide, since this Java logging library is so prevalent on Apache web servers and widely used in the development of Java applications.