Imatest not vulnerable to Apache log4j security compromise

Security researchers disclosed the following vulnerabilities in the Apache Log4j Java logging library:

  • CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker-controlled LDAP
    and other JNDI related endpoints

    CVE-2021-45046: The fix for CVE-2021-44228 was incomplete in certain non-default
    configurations.

    CVE-2021-45105: Apache Log4j2 Context Lookup features do not protect against uncontrolled
    recursion from self-referential lookups in certain non-default configurations

No Imatest software includes the affected versions of Log4j, no dependency used, such as the MATLAB compiler runtime includes an affected version either.

Internal Imatest systems which included Log4j were promptly patched when the vulnerability was discovered. These were never publically accessible.

Thank you for your concern.