13.12.2021
Critical vulnerability
SOFTWARE KIX NOT AFFECTED
Important information for KIX customers:
Press release from the German Federal Office for Information Security (BSI)
The BSI has published the press release"Warning level red: vulnerability Log4Shell leads to extremely critical threat situation" on 11/12/2021. Log4Shell is a logging library for Java applications and is used by numerous server systems, among others also from Apache.
First patches and updates to close the vulnerability are already available. You can read an overview of known affected systems and the ToDos that may be required here: https://github.com/NCSC-NL/log4shell/tree/main/software.
However, we would like to give you the all-clear for our software KIX, as the application itself does not use this Java library Log4j. The resulting security gap is not relevant for KIX.
"This is where the advantages of open source become apparent, because in specific reference to the Log4Shell OSS project, the rapid provision of security patches worked very well.
A great example of how quickly many a problem is solved with open source software. Let us remain vigilant together in the future!"
Rico Barth, Managing Director c.a.p.e. IT GmbH
