studioSL is not using any version of log4j affected by the CVE-2021-44228 vulnerability which has been widely announced recently. The versions affected are log4j >=2.0-beta9 and <=2.14.1. However, there are two related vulnerabilities in log4j 1.x versions used by studioSL (see CVE-2021-4104, CVE-2019-17571).

To patch your current installation of studioSL see our knowledge base here.

 

Marco Thiele's picture

Patch log4j Vulnerability