Contact us Log in

Our services are not affected by Log4Shell

For clarity, Storegate services are not affected by the Log4Shell vulnerability in Log4j. To be affected, you need to have a software that uses this logging framework and Storegate does not have it.

The Log4Shell issue


Log4j is a Java logging framework for logging data in the Java platform. Logging frameworks facilitate and standardize the logging process when developing in the Java platform. In particular, it provides flexibility by avoiding special output to the console, as the logs written become independent of the code and can be customized at runtime.

Unfortunately, the Java platform did not include logging in its original release, so by the time the Java Logging API was added, several other logging frameworks such as Apache Commons Logging and Log4j were already in use. This led to problems when integrating different third-party libraries, each with different logging frameworks. Now that the Log4Shell vulnerability in Log4j has been discovered, it is difficult to find where in the code it is located. Simply put, the applications that contain this framework can be "hacked into".

As far as the use of our services is concerned, you have nothing to worry about as we do not use the Java platform for our services. Of course, the Log4Shell problem is not the only threat and we are constantly PEN testing our services for any other vulnerabilities.

If you have any further questions on the subject, please contact Storegate Support.