Product: Cross-Products (All)
Description: Discusses potential for risk regarding Omatic products in relation to Log4J or Log4shell
Environment: All
Version: All

Answer:


Log4j is a Java library for logging. As we use C# and .Net primarily we do not have any references to the library in our codebase. Related Microsoft post: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/


We have done an evaluation for our entire business on the log4j vulnerability. At this time, we have not found any evidence that we leverage services that are vulnerable. We do not reference this library. We will continue to evaluate as additional information becomes available.