Ongoing investigation into Apache Log4j 2 vulnerability

Mitigation actions for Objective products

Last updated: Fri 28 Jan 2022, 9:50 am AEDT

A critical vulnerability has been discovered in Apache Log4j 2, an open source Java package used to enable logging in many Objective solutions. The Apache Software Foundation (ASF) has identified the vulnerability as Apache Log4j Security Vulnerabilities.

Please return to this blog post and refresh your browser for updates from the Objective Team.

Are my Objective solutions affected?

Since the issue was initially identified, the Objective Product Development Team has been actively investigating the impact of the vulnerability across the entire range of Objective solutions. Each product has been updated with a status, denoting the current state of the investigation and the next steps to be taken.

Status of Objective Products

The following table will be updated as the status of each investigation is updated:

  • Not Affected: Vulnerability does not affect this product.
  • Mitigated: Security configuration put in place whilst awaiting Patch.
  • Mitigation Available: A Security configuration is available to be applied.
  • Patch Pending: Investigation complete, patch development in progress.
  • Patch Applied: Patch has been applied by the Objective Team.
  • Patch Available: Patch available for customers to install. Contact Objective Support for details.


Content Solutions

Status

Objective ECM 11.1Mitigation Available - KB#2323
Patch Available
Objective ECM 11.0Not Affected - KB#2326
Objective ECM 10.xNot Affected - KB#2326
Objective ConnectNot Affected
Objective Connect Link (on-premise)Not Affected - KB#2325
Objective Connect Link (cloud)Not Affected
Objective Gov365 (on-premise)Not Affected - KB#2324
Objective Gov365 (Cloud)Not Affected
Objective RedactNot Affected
Objective MinisterialsSee ECM Version
Objective OpenGovSee ECM Version





RegTech Solutions

Status

Objective RegWorks (cloud)Patch Applied
Objective Regworks MobileNot Affected
Objective Regworks (on-prem)Patch Available
Objective ReachNot Affected





Keystone Solutions

Status

Objective KeystoneNot Affected





Planning and Building

Status

Objective TrapezeNot Affected
AlphaOneNot Affected
GoGetNot Affected