DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=communigate.ru; s=test1;
	bh=h3T3ngz1r6PR6Lyvv5Gv90sKUQFnKquwp1p0IvoWV/Y=;
	h=In-Reply-To:From:References:To:Content-Language:Subject:MIME-Version:Date:
	Message-ID:Content-Type; b=uqfy90Rtpm+qqOAa9vfc7rlV4v6H86kS1qr8JuWrKK8o+StSkW
	8CHrr5Zzfha02A75zMWCrBe1FjXwiM82NHcmJ2ed/vhScY7x5O1G1yRIUCGSRFXbVowqYMWMF/GA1
	tQn0IAk6Dmm4S9XjcPn8ta85SHcuZSe82hipnzkh74dM=
From: "Alexey Maximov alexm@communigate.ru" <CGatePro@list.communigate.ru>
Received: from [185.175.131.13] (account alexm@mail.communigate.ru HELO [192.168.12.149])
  by mail.communigate.ru (CommuniGate Pro SMTP 6.3.9f)
  with ESMTPSA id 60116851 for CGatePro@list.communigate.ru; Mon, 13 Dec 2021 13:40:32 +0300
Content-Type: multipart/alternative;
 boundary="------------hienbvGlEEhroxkFKLLvfv6A"
Message-ID: <7cfa6c03-a963-b9c8-ee58-aee188ba91fe@communigate.ru>
Date: Mon, 13 Dec 2021 13:40:31 +0300
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:91.0) Gecko/20100101
 Thunderbird/91.3.2
Subject: Re: [CGP] log4j
Content-Language: en-US
To: CommuniGate Pro Russian Discussions <CGatePro@list.communigate.ru>
References: <list-60116803@mail.communigate.ru>
In-Reply-To: <list-60116803@mail.communigate.ru>

This is a multi-part message in MIME format.
--------------hienbvGlEEhroxkFKLLvfv6A
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

Hello,

On 13.12.2021 13:23, Fred. Zwarts F.Zwarts@KVI.nl wrote:
> The last few days there is a lot of noise about the log4j 
> vulnerability. Most of the messages are about Apache, but 
> https://github.com/NCSC-NL/log4shell lists a lot of other software. 
> CommuniGate Pro is not in this list, but I found the following file on 
> our system, apparently from the CommuniGate Pro installation:
>
>> /opt/CommuniGate/WebSkins/Samoware/log4javascript.js 
>
> My question is whether this indicates a vulnerability of our system? 
> If so, are there instructions to fix the problem and also CommuniGate 
> Pro should be added to the NCSC list.

CGPro has no the Log4j security vulnerability because it uses an old 
version (1.4.6), which has no the functionality affected by this threat.

The functionality affected by this threat was added beginning from the 
2x version.


>
> Best regards,
> Fred.Zwarts.
>
>
> ##################################################################
> Вы получили это сообщение потому, что подписаны на список рассылки
> <CGatePro@list.communigate.ru>.
>
> Чтобы отписаться, отправьте сообщение на адрес 
> <CGatePro-off@list.communigate.ru>
> Чтобы переключиться в режим дайджеста - 
> mailto:<CGatePro-digest@list.communigate.ru>
> Чтобы переключиться в индексный режим - 
> mailto:<CGatePro-index@list.communigate.ru>
> Для административных запросов адрес 
> <CGatePro-request@list.communigate.ru>
> Архив списка: http://list.communigate.ru/Lists/CGatePro/List.html
>
-- 
Best regards,
Alexey Maximov

--------------hienbvGlEEhroxkFKLLvfv6A
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Hello,<br>
    </p>
    <div class="moz-cite-prefix">On 13.12.2021 13:23, Fred. Zwarts
      <a class="moz-txt-link-abbreviated" href="mailto:F.Zwarts@KVI.nl">F.Zwarts@KVI.nl</a> wrote:<br>
    </div>
    <blockquote type="cite" cite="mid:list-60116803@mail.communigate.ru">The
      last few days there is a lot of noise about the log4j
      vulnerability. Most of the messages are about Apache, but
      <a class="moz-txt-link-freetext" href="https://github.com/NCSC-NL/log4shell">https://github.com/NCSC-NL/log4shell</a> lists a lot of other
      software. CommuniGate Pro is not in this list, but I found the
      following file on our system, apparently from the CommuniGate Pro
      installation:
      <br>
      <br>
      <blockquote type="cite">/opt/CommuniGate/WebSkins/Samoware/log4javascript.js
      </blockquote>
      <br>
      My question is whether this indicates a vulnerability of our
      system? If so, are there instructions to fix the problem and also
      CommuniGate Pro should be added to the NCSC list.
      <br>
    </blockquote>
    <p>CGPro has no <span class="word" id="[90,95]">the Log4j</span> <span
        class="word" id="[96,104]">security</span> <span class="word"
        id="[105,118]">vulnerability because it uses an old version
        (1.4.6), which has no the functionality affected by this threat.</span></p>
    <p><span class="word" id="[105,118]"> The functionality affected by
        this threat was added beginning from the 2x version.</span></p>
    <p><br>
    </p>
    <blockquote type="cite" cite="mid:list-60116803@mail.communigate.ru">
      <br>
      Best regards,
      <br>
      Fred.Zwarts.
      <br>
      <br>
      <br>
      ##################################################################
      <br>
      Вы получили это сообщение потому, что подписаны на список рассылки
      <br>
       <a class="moz-txt-link-rfc2396E" href="mailto:CGatePro@list.communigate.ru">&lt;CGatePro@list.communigate.ru&gt;</a>.
      <br>
      <br>
      Чтобы отписаться, отправьте сообщение на адрес
      <a class="moz-txt-link-rfc2396E" href="mailto:CGatePro-off@list.communigate.ru">&lt;CGatePro-off@list.communigate.ru&gt;</a>
      <br>
      Чтобы переключиться в режим дайджеста -
      mailto:<a class="moz-txt-link-rfc2396E" href="mailto:CGatePro-digest@list.communigate.ru">&lt;CGatePro-digest@list.communigate.ru&gt;</a>
      <br>
      Чтобы переключиться в индексный режим -
      mailto:<a class="moz-txt-link-rfc2396E" href="mailto:CGatePro-index@list.communigate.ru">&lt;CGatePro-index@list.communigate.ru&gt;</a>
      <br>
      Для административных запросов адрес
      <a class="moz-txt-link-rfc2396E" href="mailto:CGatePro-request@list.communigate.ru">&lt;CGatePro-request@list.communigate.ru&gt;</a>
      <br>
      Архив списка: <a class="moz-txt-link-freetext" href="http://list.communigate.ru/Lists/CGatePro/List.html">http://list.communigate.ru/Lists/CGatePro/List.html</a>
      <br>
      <br>
    </blockquote>
    <pre class="moz-signature" cols="72">-- 
Best regards,
Alexey Maximov</pre>
  </body>
</html>
--------------hienbvGlEEhroxkFKLLvfv6A--