Back to overview

Security vulnerability in Apache Log4j does not affect the latest TRUECHART application

Publication date: 13 December 2021

Dear Clients, Colleagues and Partners, 

The TRUECHART team is aware of the recently published security vulnerability in Apache Log4j, reference CVE-2021-44228.

This vulnerability does not affect the latest TRUECHART application

  • Log4j version 2.14.1 and prior is affected by this vulnerability, and versions above 2.15.0 are not as it was disabled by default; 
  • The latest releases of TRUECHART use version 2.15.0; 
  • You can confirm what version of log4j  you are on, by going to the location below and checking the version number of the log4j jars;

Location of the log4j jar files:

*Note: the installation directory of TRUECHART may vary depending on if you customized the installation directory.

  • The default location of TRUECHART is: C:\Program Files\High Coordination\Webapps\TRUECHARTService\WEB-INF\lib
  • Inside the above lib folder, you will note a few jar files. The 2 you are specifically looking for is log4j-api-2.15.0.jar and log4j-core-2.15.0.jar
  • If the version is below 2.15.0 then you are running an out of date version of TRUECHART;
  • You can get the latest released version of TRUECHART on www.truechart.com . Please do be cognizant of the Qlik Sense TRUECHART compatibility when doing so  .

Should you be on a TRUECHART version 2021.2.1 or older, it is recommended to update to 2021.3.0 that is available on our website. CLICK HERE to be directed to our User Portal for the download. 

For detailed instructions on how to install TRUECHART, please CLICK HERE and navigate to our Knowledge Base.

Should you not be ready to upgrade to the most recent version of TRUECHART, it is recommended that you only update log4j jars to 2.15.0, this will not impact your functionality within TRUECHART, but will protect you against the reported vulnerability. Please CLICK HERE for detailed instructions on how to do this. 

The link below may be used as a reference and a more detailed explanation of the CVE-2021-44228 log. 

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

“Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default.”

Should you have any further questions or queries, please contact support@truechart.com

Get in touch with our team!

Stay up-to-date with TRUECHART. Follow us on LinkedIn.

You might also like

How To Leverage Data Visualization for Better Decision-Making

March 11, 2024

By visually representing complex data sets, data visualization becomes an essential tool for businesses to gain valuable insights and make informed decisions. Let's take a deep dive into the power of data visualization and how it can transform your decision-making process.

Read more
Innovative Ways to Use Information Visualization in Your Next Project

February 28, 2024

From business analytics to scientific research, the amount of information we generate is staggering. But to make the most out of it, that's where information visualization comes in. Let's take a deep dive into several innovative ways to use information visualization in your next project, and how it can transform the way you work.

Read more

Have Questions?

We'd love to answer them

+41 (0) 44 363 89 00
+49 (0) 7731-939 805-0
info@TRUECHART.com
Chat with us
User Portal
Cookie-Einstellungen