Date: December 13, 2021
The CVE-2021-44228 (Log4Shell) vulnerability, discovered in mid-December, impacts a number of Java-based applications.
Cenote Lockpoint is not vulnerable to CVE-2021-44228.
Lockpoint does not bundle the impacted Log4j module, although it does make use of the Log4j implementation that is included in Confluence. Atlassian has indicated that Confluence is not vulnerable to this exploit in its default configuration, and so long as Confluence remains not vulnerable, neither is Lockpoint.
This statement applies to all released versions of Lockpoint (1.x, 2.x).
If you have any questions, please contact Cenote Support.