Log4J Vulnerability - thingsHub Not Affected
With thingsHub, you can rely on the security of your data. Learn how we are protected from log4j vulnerabilities.
Is your thingsHub affected by the Log4J vulnerability?
Last weekend, the Federal Office for Information Security (BSI) declared a "red alert" for the so-called Log4J vulnerability (CVE-2021-44228). Our development team conducted an initial analysis of the thingsHub code and the software libraries used yesterday. This led to the following result.
The thingsHub products "Cloud" and "OnPremise" have NO dependency on "log4j-core" and are therefore NOT affected by the Log4J vulnerability.
In a further analysis, our team will examine the Grafana thingsHub Dashboard Editor and its plugins more thoroughly. In particular, we will look at the "high severity security fix" released by Grafana on December 7, 2021.
If you or your colleagues have any questions about this, you can contact us at any time. By email or phone.
Best regards,
Your SmartMakers thingsHub development team