After the announced info, the serious security gap, in the Java library log4j, our experts in the product development have immediately initiated an a test and pronounce that: there is NO RISK for the QUANOS SOFTWARE PRODUCTS.
Following, the result of the test, related to our software products:
No software developed or used by us in this environment is based on Java. Therefore, there is no security risk in connection with the found security gap.
Only the Service Mate API uses Java, but no log4j is used there, the library is not delivered at all. The API uses "Logback", which is a successor to log4j.
According to Service Mate GmbH "there is currently no security risk when using the Service Mate API".
The current Quanos SIS.one standard applications Catalog Online/Offline, Shop and PPSync do not use this library. In the older applications IPP and Shop (V1 - V3) the Java library is used, but in an older, unaffected version. Other libraries used also do not access an affected log4j version.
For further customer specific applications developed within projects, either the affected log4j library is not used or also only in an older, not affected version. If you need the exact status of your custom application, please let us know the name and version number (usually found in the file "Version.txt").
SCHEMA ST4 and SCHEMA CDS, both products are not affected by the Log4 Shell threat, since the Log4j component is not used in the ST4/CDS environment. Both products are based on the .NET platform, here Log4Net is used, which is not affected by the security gap. Java is not used in ST4 and CDS.
None of the third-party software mentioned above is based on Java. Therefore, there is no security risk related to the found security gap.
Then feel free to contact our support team.
