Knowledgebase
MailStore Products and the CVE-2021-44228 Log4j Exploit
Posted by Christian Mussmann on 16 Dec 2021 10:56

Are MailStore Products Affected by the Critical Log4Shell Vulnerability?

The widely used Java library log4j is currently in the news because a critical vulnerability (Log4Shell) has been identified. We take reports about security issues very seriously and are monitoring and scanning our products using various techniques that themselves are continuously improved.

For disclosing security issues, MailStore follows the CVE Process. Known security issues that affect specific versions of our products are published on our online help for MailStore Server and the MailStore Service Provider Edition. At the time of disclosure, we regularly publish updated versions of the affected MailStore products that fix the issue.

Regarding the security issue CVE-2021-44228 we can confirm that MailStore products are NOT affected. Our products are based on .NET, not Java and thus do not use the vulnerable component log4j. Also, its .NET port log4net, which is currently not known to be affected by the vulnerability, is not used by our products.

Because of this, no action from your side, such as updating your MailStore products, is necessary at this time, although we recommend using the most current versions of our products on principle; these can be found here.
In case you have further questions, please contact our technical support stating your license key.
(0 vote(s))
Helpful
Not helpful

Comments (0)
Navigation
Remote Support

Please download our TeamViewer client in order to allow the MailStore support team a one-time only access to your system.

Premium Support

If your MailStore Server license includes Premium Support or you are using the MailStore Service Provider Edition, you are entitled to get in touch with our support team directly via phone.

Phone:

+49 2162 50299-12

USA:

+1 800 747 2915