Intelligent Voice has reviewed the “Log4Shell” vulnerabilities in Apache Log4j 2 (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832) and confirmed that no Intelligent Voice software releases are affected by these vulnerabilities.
Additionally, Intelligent Voice is assessing its own hosted systems and those of its suppliers and partners to confirm that no Intelligent Voice service will be affected by this vulnerability.
There is no action required for any Intelligent Voice product.
Intelligent Voice continually assesses software dependencies for updates and security patches, and issues updates as required. As part of this program we have also determined that CVE-2021-42550 affecting the related logback library does not affect Intelligent Voice installations. In Intelligent Voice 5.2.3 the version of logback has been updated to the latest 1.2.9 out of an abundance of caution.