Is Glossary Converter affected by log4j Vulnerability?

Please help to confirm whether Glossary Converter is affected by log4j Vulnerability or not, as well as other applications in Appstore.

emoji

Top Replies

  • I would doubt it, but will be able to confirm.  We have checked all the products at RWS which you can find here:

    https://gateway.sdl.com/apex/communityknowledge?articleName=000017712

    But we have not checked each and every plugin or app.  For the most part plugins run inside the Studio environment and most likely do not use this Apache Log4J2 logging package because developers would use nlog if they needed to log information.  The  Apache Log4J2 logging package is really only used in Java based applications and not .NET which form the majority of anything related to the AppStore for the language products.

    However, are are going to take the following precautions:

    1. contact every external developer to ensure Log4J2 is not used in their applications and have a statement added to the app description accordingly
    2. check all the plugins we have in our possession for the presence of Log4J2

    In addition you can search your drive for files using the name Log4J2 somewhere in the filename.  This isn't bullet proof of course since some .NET applications may use the name Log4J2 somewhere in the filename and be completely safe, but could still be a useful precaution as you could satisfy yourself if you find any.

    Finally I can confirm that none of the applications provided by RWS (formerly SDL) AppStore Developers use this logging method and they will not be exposing any security vulnerabilities on your computer..

    emoji
  • A bit late but: no. The vulnerability affects Java applications, and the Converter is a dotNet program

    emoji