Data Virtuality is not affected by the Apache Log4j security vulnerability (CVE-2021-44228)
A security vulnerability was recently discovered in Apache Log4j (version 2) that allows an attacker to "execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled":
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
Data Virtuality is NOT affected by this remote code injection vulnerability.
Even though Data Virtuality uses one of the affected versions of Log4j, the affected Log4j libraries (i.e. log4j-core) are not included in Data Virtuality.
In particular, Data Virtuality uses a separate log manager that does not include the JNDI Lookup functionality and uses only some of the Log4j APIs, which are not affected by CVE-2021-44228.
If you have any questions or doubts, please feel free to contact our Support Team.