Is your thingsHub affected by the Log4J vulnerability?
Last weekend, the German Federal Office for Information Security (BSI) declared a "red alert" for the so-called Log4J vulnerability (CVE-2021-44228). Yesterday, our development team carried out an initial analysis of the thingsHub code and the software libraries used. This led to the following result.
The thingsHub products "Cloud" and "OnPremise" have NO dependency on "log4j-core" and are therefore NOT affected by the Log4J vulnerability.
In a further analysis, our team will examine the Grafana thingsHub Dashboard Editor and its plug-ins in more depth. In particular, we will look at the "high severity security fix" published by Grafana on 7 December 2021.
If you or colleagues of yours have any questions about this, you can contact us at any time. By email or also by telephone.
Yours sincerely,
Your SmartMakers thingsHub development team
