IMPORTANT MESSAGE: We are still experiencing some difficulties that will affect your ability work with the RWS AppStore. Our IT team is working to resolve this but for now you may not be able to download or upload apps through the RWS AppStore. We apologise for the inconvenience and will update the community when we have a resolution in place. In the meantime you can take advantage of the Private AppStore if you are using Trados Studio 2021 or 2022.

Is Glossary Converter affected by log4j Vulnerability?

Please help to confirm whether Glossary Converter is affected by log4j Vulnerability or not, as well as other applications in Appstore.

emoji
Parents
  • I would doubt it, but will be able to confirm.  We have checked all the products at RWS which you can find here:

    https://gateway.sdl.com/apex/communityknowledge?articleName=000017712

    But we have not checked each and every plugin or app.  For the most part plugins run inside the Studio environment and most likely do not use this Apache Log4J2 logging package because developers would use nlog if they needed to log information.  The  Apache Log4J2 logging package is really only used in Java based applications and not .NET which form the majority of anything related to the AppStore for the language products.

    However, are are going to take the following precautions:

    1. contact every external developer to ensure Log4J2 is not used in their applications and have a statement added to the app description accordingly
    2. check all the plugins we have in our possession for the presence of Log4J2

    In addition you can search your drive for files using the name Log4J2 somewhere in the filename.  This isn't bullet proof of course since some .NET applications may use the name Log4J2 somewhere in the filename and be completely safe, but could still be a useful precaution as you could satisfy yourself if you find any.

    Finally I can confirm that none of the applications provided by RWS (formerly SDL) AppStore Developers use this logging method and they will not be exposing any security vulnerabilities on your computer..

    emoji
Reply
  • I would doubt it, but will be able to confirm.  We have checked all the products at RWS which you can find here:

    https://gateway.sdl.com/apex/communityknowledge?articleName=000017712

    But we have not checked each and every plugin or app.  For the most part plugins run inside the Studio environment and most likely do not use this Apache Log4J2 logging package because developers would use nlog if they needed to log information.  The  Apache Log4J2 logging package is really only used in Java based applications and not .NET which form the majority of anything related to the AppStore for the language products.

    However, are are going to take the following precautions:

    1. contact every external developer to ensure Log4J2 is not used in their applications and have a statement added to the app description accordingly
    2. check all the plugins we have in our possession for the presence of Log4J2

    In addition you can search your drive for files using the name Log4J2 somewhere in the filename.  This isn't bullet proof of course since some .NET applications may use the name Log4J2 somewhere in the filename and be completely safe, but could still be a useful precaution as you could satisfy yourself if you find any.

    Finally I can confirm that none of the applications provided by RWS (formerly SDL) AppStore Developers use this logging method and they will not be exposing any security vulnerabilities on your computer..

    emoji
Children