Last Modified: 30-Sep-2024

Lucene++

MSP360 software contains a component based on Lucene++, version 3.0.8: https://github.com/luceneplusplus/LucenePlusPlus

The Lucene++ has the Apache License: http://www.apache.org/licenses/LICENSE-2.0

On December 13, 2021 the Apache Foundation released an emergency update for a critical zero-day vulnerability in Log4j, a logging tool included in almost every Java application.

The problem revolves around a bug in the Log4j library that can allow an attacker to execute arbitrary code on a system that is using Log4j to write out log messages. This security vulnerability has a broad impact and is something anyone with an application containing Log4j needs to immediately pay attention to.

This vulnerability does not affect MSP360 or Cloudberry users.

https://git.cloudberrylab.com/egor.m/doc-help-std.git