![IntranetHeader_Logo.png]](https://knowledgebase.elblearning.com/hs-fs/hubfs/IntranetHeader_Logo.png?height=40&name=IntranetHeader_Logo.png){kind=logo}
STATEMENT FROM ELB LEARNING REGARDING “LOG4J” VULNERABILITY
12 December 2021
On December 9, 2021, a severe remote code execution vulnerability within Apache's Log4j was announced (AKA log4shell). Log4j is a widely used logging framework that could impact any application that directly uses, or relies on an application that uses, Java and this framework.
ELB Learning has conducted an analysis of the possible impact on all software applications we offer. We are pleased to state that there are NO VULNERABILITIES to our software applications.
Applications:
Asset Library - NOT VULNERABLE
CenarioVR - NOT VULNERABLE
CourseMill - NOT VULNERABLE *
eLearning Brothers Account Portal - NOT VULNERABLE
Lectora Desktop - NOT VULNERABLE
Lectora Online - NOT VULNERABLE
ReviewLink - NOT VULNERABLE
Rockstar Community - NOT VULNERABLE
Rockstar Learning Platform - NOT VULNERABLE
The Game Agency / The Training Arcade® - NOT VULNERABLE
If you need any further information regarding this matter, please feel free to email info@elblearning.com.
Note: Content published by Lectora or Lectora Online is NOT VULNERABLE.
Note: for CourseMill Enterprise versions prior to 8.5.7 customers, log4j-core is loaded as a library, but it is not used anywhere within the application. This file may be deleted. Delete: WEB-INF/lib/log4j-core-2.0-rc1.jar Restart tomcat.
Reference:
Log4j Vulnerability https://logging.apache.org/log4j/2.x/security.html