PLATO Reacts Immediately to Apache Security Vulnerabilities

On Thursday, December 09, 2021, a security issue in Apache Log4j (a logging tool used in many Java-based applications) was disclosed. This issue, also known as "Log4Shell", allows unauthorized attackers to execute code on vulnerable systems.

PLATO Reacts Immediately to Apache Security Vulnerabilities

PLATO is aware of the recently disclosed security issue related to the open source Apache "Log4j2" library (CVE-2021-44228) and takes the issue very seriously.

"Our world-class DevOps team has been working around the clock to verify this issue, even though PLATO e1ns itself does not use Java. That's why the e1ns code is not directly affected by the log4j2 vulnerability," said CTO Marcus Schorn about the current situation. "Our e1ns solution contains the affected Solr software component. There is no need to wait for a Solr update to be developed, as potential security issues can be eliminated by changing configuration settings. We have taken appropriate measures to protect our customers worldwide and already provided a security configuration a few days ago. This configuration can be performed immediately by a company's IT. Another option is to install an update."

In addition, PLATO will provide a new PLATO e1ns version after the release of Solr Release 8.11.1, which is expected to address this Solr-level security vulnerability.

If you need further details or assistance, please contact PLATO support.