Hello,

The last few days there is a lot of noise about the log4j vulnerability. Most of the messages are about Apache, but https://github.com/NCSC-NL/log4shell lists a lot of other software. CommuniGate Pro is not in this list, but I found the following file on our system, apparently from the CommuniGate Pro installation:

/opt/CommuniGate/WebSkins/Samoware/log4javascript.js

My question is whether this indicates a vulnerability of our system? If so, are there instructions to fix the problem and also CommuniGate Pro should be added to the NCSC list.

CGPro has no the Log4j security vulnerability because it uses an old version (1.4.6), which has no the functionality affected by this threat.

The functionality affected by this threat was added beginning from the 2x version.

Best regards,
Fred.Zwarts.


##################################################################
Вы получили это сообщение потому, что подписаны на список рассылки
 <CGatePro@list.communigate.ru>.

Чтобы отписаться, отправьте сообщение на адрес <CGatePro-off@list.communigate.ru>
Чтобы переключиться в режим дайджеста - mailto:<CGatePro-digest@list.communigate.ru>
Чтобы переключиться в индексный режим - mailto:<CGatePro-index@list.communigate.ru>
Для административных запросов адрес <CGatePro-request@list.communigate.ru>
Архив списка: http://list.communigate.ru/Lists/CGatePro/List.html

-- 
Best regards,
Alexey Maximov