In recent days, news has spread about the most serious information technology flaw in recent years, which has earned a rating of 10/10. This flaw is obviously the vulnerability of log4j, an open-source library used globally to create Java-based applications.
Despite the diffusion of the detected criticality and the possible damage to the servers, due to the ease of access resulting from the flaw, the applications created with WebRatio Platform are not affected, as the configuration of the library in the WebRatio applications does not use the aspects that are subject of the vulnerability.
In any case, to prevent possible misconfiguration of the library that could make the environment vulnerable to other types of attacks, we recommend to download the patched version of log4j that is compatible with WebRatio 7 and WebRatio 8 here, modified in such a way as to exclude this possibility.
In addition, to meet future security requirements, we plan to release the transition to log4j v 2.17 in the next WebRatio Platform update already scheduled for December 30th.