jme (Moderator)
Posted December 14, 2021

Hi,

The following information concerns the newly discovered Log4j security issue which has already generated some questions from users. Here is a summary of the situation with regard to Dataton products:

WATCHOUT version 6, all versions
There is no part of the Apache-libraries, containing the Log4j function, included in any version of the WATCHOUT source code. This goes for the production software, the display software and the dynamic image server. So, there is no reason for doing any updates or special security actions regarding the Log4j security issue.

WATCHPAX
As a result of the above, display servers manufactured by Dataton (WATCHPAX series) do not have any heightened risk of being hacked due to the Log4j security issue.

WATCHMAX
WATCHMAX servers in their original state as shipped from Dataton (i.e., that have not been re-configured or had any additional software added) should not be affected by this security threat.

Custom-built servers
For custom-built servers running WATCHOUT, you need to check with the manufacturer of the server to see if any additional software installed on these servers may contain the Apache-libraries, containing the Log4j. If this is the case, it is up to the server manufacturer to resolve the issue.

WATCHNET
WATCHNET is Java-based and WATCHNET does have the Apache-libraries, containing the Log4j function, included in the code library. However, the version of the Log4j module is quite old, version log4j-1-2-17, and according to several sources it is only Log4j version 2.0 to 2.14.1 that is affected by this security threat. Some sources mention that there is an elevated risk, albeit low, that Log4j versions pre-2.0 can be affected. However, this does not apply to WATCHNET as the source code is encrypted.

As always, Dataton strongly recommend that any system using WATCHNET or WATCHOUT should be used on an isolated network environment (not just because of this specific threat). If this is not possible, a robust and freshly updated firewall should always be between the internal network and the rest of the world.

Mikael J. Ena
Senior Product Specialist
Dataton AB
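
For the custom-built server check described in the post above, one way to inventory Log4j copies on a machine, as an added example that is not part of the original post and not Dataton code: it walks a directory, opens .jar/.war/.ear archives (including nested ones) and buckets each Log4j version found against the 2.0 to 2.14.1 range quoted in the post. It assumes the jars carry Maven pom.properties metadata or a versioned file name; the function names and bucket labels are made up for the example, and the bucket is a plain numeric comparison.

```python
import io, os, re, sys, zipfile

# Maven metadata that the Log4j 1.x jar and the Log4j 2 core jar normally carry.
POM_RE = re.compile(
    r"META-INF/maven/(log4j/log4j|org\.apache\.logging\.log4j/log4j-core)/pom\.properties$")
# Fallback for jars without that metadata: version taken from the file name.
NAME_RE = re.compile(r"log4j(?:-core)?-(\d+(?:\.\d+)+)[^/\\]*\.jar$", re.I)
ARCHIVES = (".jar", ".war", ".ear")

def classify(version):
    """Bucket a version against the range quoted in the post (2.0 to 2.14.1)."""
    nums = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
    if not nums:
        return "unknown"
    if nums[0] == 1:
        return "1.x"
    return "2.0-2.14.1" if (2, 0) <= nums <= (2, 14, 1) else "outside-range"

def scan_archive(src, label, findings):
    """Record Log4j copies in one archive, descending into nested archives."""
    try:
        zf = zipfile.ZipFile(src)
    except (zipfile.BadZipFile, OSError):
        return  # unreadable or not really a zip: skip it
    found = False
    with zf:
        for name in zf.namelist():
            if POM_RE.search(name):
                m = re.search(r"^version=(.+)$", zf.read(name).decode("utf-8", "replace"), re.M)
                ver = m.group(1).strip() if m else "unknown"
                findings.append((label, ver, classify(ver)))
                found = True
            elif name.lower().endswith(ARCHIVES):
                scan_archive(io.BytesIO(zf.read(name)), f"{label}!{name}", findings)
    m = NAME_RE.search(label)
    if not found and m:
        findings.append((label, m.group(1), classify(m.group(1))))

def scan_tree(root):
    """Walk a directory and return (location, version, bucket) for each Log4j copy."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVES):
                path = os.path.join(dirpath, fn)
                scan_archive(path, path, findings)
    return findings

if __name__ == "__main__":
    for label, ver, bucket in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{bucket:14} {ver:12} {label}")
```

Run it with the directory to inspect as the only argument; each output line gives the bucket, the version and the archive path, with `!` separating an outer archive from a jar nested inside it.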

MatzeLe
Posted February 4, 2022

Since when is "source code is encrypted" an argument why log4j should not be vulnerable? Can you explain please?