Monday, December 13, 2021

Apache Log4j vulnerability "Log4shell"

A very severe security vulnerability named "Log4shell" was found in Apache Log4j. You can read more about it here:

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

We are getting a lot of questions from customers who are concerned if Group-Office is affected by this vulnerability.

Luckily, I can say that Group-Office or it's dependencies never used this software. The Debian package of Group-Office uses the Apache webserver but this is different software.

That said, it might be that you've installed other package on the server that uses it. You can check this with this command:

dpkg -l | grep log4

Note: This makes sure the Debian package is not installed. But it doesn't check if it was installed by other means!