Log4j problem

Posted: Tue Dec 21, 2021 11:43 am
by gerald_zottl
Hi,

is Bookmap in any way affected by the Log4j problem?

Regards
Gerald

Re: Log4j problem

Posted: Tue Dec 21, 2021 5:32 pm
by Svyatoslav
Hi,

Well... Not in a very significant way. We did have some non-critical services that we had to update, but the main app is affected in a pretty limited way.

Regardless, 7.2 and 7.3 updates with patched log4j are released. It's best to update to be safe, but the chances that a practical way to exploit it inside Bookmap desktop specifically exists are pretty low. Our main code does not use log4j directly, but some third-party libraries that we use do. All ways that we could imagine so far require at least two steps for the attack to actually make sense (e.g. possibly something like compromising a crypto exchange that the user connects to and then providing a specially crafted reply; however, it's not clear if the above would actually work or is just a theoretical possibility).

Still, it is probably best to just perform the update if you are worried.

Best,
Svyatoslav

Re: Log4j problem

Posted: Mon Dec 27, 2021 9:24 am
by gerald_zottl
Thanks for your information, Svyatoslav!