[2021.12.13] CloudBacko Advisory - Log4j vulnerability (CVE-2021-44228)

Announcement date: 2021-12-13

• CloudBacko Pro/Home/Lite version 4.5.4.x (and above) are not vulnerable to CVE-2021-44228 (Log4j vulnerability).

The version of Log4j Ahsay products bundled does not contain the JNDILookup plugin and is not one of the affected versions. Also, remote logging feature and all logging had been disabled for Log4j Logger (set to OFF) (CVE-2019-17571).

• CloudBacko Mobile App 1.6+ is not vulnerable.