FAQs

STATEMENT FROM ELEARNING BROTHERS REGARDING “LOG4J” VULNERABILITY

12 December 2021

On December 9, 2021, a severe remote code execution vulnerability within Apache's Log4j was announced (AKA log4shell). Log4j is a widely used logging framework that could impact any application that directly uses, or relies on an application that uses, Java and this framework.

eLearning Brothers has conducted an analysis of the possible impact on all software applications we offer.  We are pleased to state that there are NO VULNERABILITIES to our software applications.  

Applications:

Asset Library - NOT VULNERABLE

CenarioVR - NOT VULNERABLE

CourseMill - NOT VULNERABLE *

eLearning Brothers Account Portal - NOT VULNERABLE

Lectora Desktop - NOT VULNERABLE

Lectora Online - NOT VULNERABLE

ReviewLink - NOT VULNERABLE

Rockstar Community - NOT VULNERABLE

Rockstar Learning Platform - NOT VULNERABLE

The Game Agency / The Training Arcade® - NOT VULNERABLE

If you need any further information regarding this matter, please feel free to email info@elearningbrothers.com.


Note:
Content published by Lectora or Lectora Online is NOT VULNERABLE.


Note: for CourseMill Enterprise versions prior to 8.5.7 customers, log4j-core is loaded as a library, but it is not used anywhere within the application. This file may be deleted.  Delete: WEB-INF/lib/log4j-core-2.0-rc1.jar  Restart tomcat. 

Reference:

Log4j Vulnerability https://logging.apache.org/log4j/2.x/security.html