Firely server software and the Log4Shell (CVE-2021-44228) vulnerability

On december 9th, Alibaba’s Cloud Security Team published a vulnerability in Log4j, a popular Java logging framework. Firely’s client product Forge and server products Simplifier.net and Firely Server are written for the Microsoft .NET platform and do not use the affected Java-based Log4j framework. We also do not use Log4n, the .NET port of Log4j. Simplifier runs Elastic Search internally as a third-party service for its search functionality, but we have determined that this component cannot be exploited. This means our products are not exposed to the vulnerabilities identified in CVE-2021-44228.