ROB-EX is unaffected by the Log4Shell vulnerability

We have conducted an internal security investigation to assess if ROB-EX is affected by the Log4Shell vulnerability. The conclusion is that no ROB-EX module or component between ROB-EX v4.2 – ROB-EX v7.0 is affected (we have not investigated versions older than v4.2).

The detailed results from our internal security investigation are the following

  1. The only ROB-EX product using Log4j is the JBoss Multiuser Server used for ROB-EX v6.4 and older. The JBoss version used runs on Log4j v1.2.8. This Log4j version is not affected (only Log4j v2.0 and later are affected by the Log4Shell vulnerability).
  2. ROB-EX Multiuser Server v7.0 and newer uses Logback logging. Logback is not affected by the mentioned security issue.
  3. Our ROB-EX client including Shopfloor has been running Logback logging for the past many years. Logback is not affected by the mentioned security issue.
  4. Our ROB-EX License Server does not use Log4j either, so again no problems here.

Our conclusion is that ROB-EX customers will not have to take additional actions to secure their ROB-EX installation in relation to the Log4Shell vulnerability.


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment