Are MailStore Products Affected by the Critical Log4Shell Vulnerability?
The widely used Java library log4j is currently in the news because a critical vulnerability (Log4Shell) has been identified. We take reports about security issues very seriously and are monitoring and scanning our products using various techniques that themselves are continuously improved.
For disclosing security issues, MailStore follows the CVE Process. Known security issues that affect specific versions of our products are published on our online help for MailStore Server and the MailStore Service Provider Edition. At the time of disclosure, we regularly publish updated versions of the affected MailStore products that fix the issue.
Regarding the security issue CVE-2021-44228 we can confirm that MailStore products are NOT affected. Our products are based on .NET, not Java and thus do not use the vulnerable component log4j. Also, its .NET port log4net, which is currently not known to be affected by the vulnerability, is not used by our products.
Because of this, no action from your side, such as updating your MailStore products, is necessary at this time, although we recommend using the most current versions of our products on principle; these can be found here.
In case you have further questions, please contact our technical support stating your license key.