14/12/2021
Security threat posed by log4j
The IUCLID 6 application is not affected. Other software tools made available from the IUCLID website are under investigation.
Recently a serious and very wide-ranging software security flaw has been disclosed. It is caused by a commonly used software component, named log4j. For more information see the official announcement by the Cybersecurity & Infrastructure Security Agency of the US Government.
We confirm that the IUCLID 6 application does not use log4j and is therefore not affected. The IUCLID Data Extractor and Uploader are also not affected.
However, Text Analytics has been confirmed to be impacted by this vulnerability and we have decided to suspend the downloads of this application from the IUCLID website. We recommend that Text Analytics is not made available on a server that can be accessed from the public internet.
Updated on 15.12.2021: vulnerability confirmed in Text Analytics. No issue identified for IUCLID, the Data Extractor and Uploader.
Updated on 04.02.2022: A new version of Text Analytics, v3.8.0, has been released that is not affected.
Additional information
LinkedIn group
