ACEA’s Response to the Critical Apache Log4j Vulnerability
The Apache Software Foundation recently announced a critical vulnerability in Apache Log4j, a widely used framework for logging in Java software applications. Java and Log4j are both used in ACEA’s software, including the CE App, and starting on December 14, 2021 through January 9, 2022 ACEA has tested and mitigated this vulnerability within our software.
To address this issue, we have upgraded from older versions of Log4j and most recently upgraded from 1.17.0 to 2.3.2 in order to implement the suggested fix. We continue to hold security of our customer information and integrity of our software to the highest standards.
If you have any questions or concerns, please feel free to contact us.