Log4j Vulnerability- fix for subscribers

RE: Alexys advice regarding log4j vulnerability.

Alexys is aware of the vulnerability CVE-2021-44228 also referred to as Apache Log4j or Log4Shell vulnerability. We have identified that your nurse call uses the affected libraries and are currently working to test patches to fix this vulnerability. Plans to finalise tests of this patch will be completed over the weekend. It is expected that these tests will be successful, and the patch will become available to customers who have a current subscription from Monday 20th December 2021.

Background:

On 10th of December 2021 a vulnerability (CVE-2021-44228) was reported that could allow a system running Apache Log4j version 2.14.1 or below to be compromised and allow an attacker to execute arbitrary code on your nurse call server. Apache log4j is one of the most widely used java-based logging utilities globally. This vulnerability has been identified by Australian Cyber Security Centre (ACSC) as critical and trivial to exploit. Alexys has been working to ensure this vulnerability is patched immediately and has commenced activities to ensure your nurse call server can be patched with the current release of Apache Log4j 2.16.0.