Update on the use of Apache Log4j in AmdoSoft b4 software

At AmdoSoft, we are committed to providing secure and reliable software solutions. In the interest of transparency, we are sharing updated information regarding the use of the Log4j library within our b4 software.

The b4 Controller integrates the Log4j logging utility (version 2.17.1).

This version, released by the Apache Software Foundation, addresses vulnerabilities identified in earlier releases and implements enhanced security measures.

Notably:
- Version 2.17.1 eliminates the critical vulnerabilities associated with the "Log4Shell" incident (CVE-2021-44228) and related issues.
- It disables the Java Naming and Directory Interface (JNDI) functionality by default, thereby mitigating risks from external exploit vectors.

Customers using b4 software can rest assured that the software includes only the most secure, tested components. Modifications and updates to third-party libraries, such as Log4j, are managed through our regular update process, where older components are replaced with the latest secure versions.

In line with recommendations from cybersecurity authorities such as the Bundesamt für Sicherheit in der Informationstechnik (BSI) in Germany, we actively monitor the security landscape. We regularly assess the components embedded in our software and take immediate action where necessary to comply with evolving standards.