LISTSERV itself is not affected.  LISTSERV does not use Java and does not use Log4J.

 

With regard to Maestro, Development says:

 

(1) Versions of Maestro previous to 10.0 don't include Log4J, and therefore are unaffected by any Log4j vulnerabilities.

 

(2) Maestro 10.x does use Log4j with a version of the library that is vulnerable to CVE-2021-44228.

 

(3) Maestro 10.x doesn't actively use the Log4j functions that are subject to the vulnerability (it logs user agents using a different method), so we believe that, in its default configuration, Maestro 10.x is not affected by the vulnerability.

 

(4) However, to be absolutely certain that Maestro is not at risk, we have released a new Maestro update (10.0-4) which includes an updated, fixed version of Log4j in which the vulnerability is fixed.

 

F-Secure's anti-virus products (Windows Server Security and Linux Security) are not affected, only their Policy Manager which we do not supply to our customers.

 

Nathan

 

 

Hello Everyone,

 

I am currently looking into what all might be impacted by the log4j vulnerability.  I know that LISTSERV uses F-Secure Anti-Virus and that other products of F-Secure have reported having issues with log4j.  Does anyone know if LISTSERV or F-Secure Anti-Virus has the log4j vulnerability?  Also, if there is an issue which will need to be patched, which versions could be impacted?  If it is still an unknown, then I understand, but just was curious.  Thank you for your help!  Have a great day!

 

 

Thank you for your time,

Adam L. Arthur

Enterprise Application Administrator

Information Technology Services

Bowling Green State University

Phone:  (419)-372-4945

 

 

To unsubscribe from the LSTSRV-L list, click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1