Apache log4j

FireDaemon's software products are NOT impacted by CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-4104 and any other related log4j 2 vulnerabilities. All of our software products are written in C++. While we do consume / use third-party closed source and open source libraries, we do not use the Apache log4j 2 library. No FireDaemon software product uses any Java or Java based components.


However, if you are running Java based programs under FireDaemon Pro control (e.g. Wildfly, Tomcat, Minecraft etc.) then you should definitely inspect those programs to confirm whether they are vulnerable and patch accordingly. You can find a useful summary of the vulnerability and impacted software here.


UPDATE Dec 16, 2021: FireDaemon Fusion uses Apache log4cxx. We only use the "rolling file appender" function and do not log forward nor offer any Java or JNDI integration / capability. The Apache team is in the process of removing redundant serialisation support in log4cxx. We have released a new build of Fusion that incorporates the latest log4cxx and OpenSSL versions. log4cxx is not impacted by the log4j 2 vulnerabilities.


UPDATE Dec 22, 2021: FireDaemon Fusion has been updated to use the latest version of log4cxx. Please download and update at your earliest convenience.


If you require further clarification or assistance please don't hesitate to contact us.