Apache Log4net Library
MSP360 software contains a component based on Apache log4net library: http://logging.apache.org/log4net/index.html
The Apache log4net has the Apache License: http://www.apache.org/licenses/LICENSE-2.0
On December 13, 2021 the Apache Foundation released an emergency update for a critical zero-day vulnerability in Log4j, a logging tool included in almost every Java application.
The problem revolves around a bug in the Log4j library that can allow an attacker to execute arbitrary code on a system that is using Log4j to write out log messages. This security vulnerability has a broad impact and is something anyone with an application containing Log4j needs to immediately pay attention to.
This vulnerability does not affect MSP360 or Cloudberry users.