log4j Vulnerability CVE-2021-44228¶
As you may have noticed a vulnerability for systems called Apache log4j has been discovered.
Read more here Apache log4j Vulnerability and here Apache log4j site.
We at ThreeThirds take security very seriously and we have immediately taken action to secure our environment and investigate possible security holes.
Read in detail below:
HCL has released a Security Advisory
Connections¶
HCL Connections 7 does not use the the vulnerable log4j 2 versions. HCL KB
The ThreeThirds collab.cloud environment runs on HCL Connections 7.
The elasticsearch, which is part of the new social homepage, uses the vulnerable log4j 2.11 library. Although the official statement from ElasticSearch says there is no need to patch, we'll patch these components.
Sametime¶
Our Sametime 11 servers are not affected.
Domino / Verse / Traveler¶
Domino 11 and 12 are not affected