As recently announced, significant vulnerabilities have been discovered in Apache Log4j, a widely used logging package for Java. The vulnerability, which can allow an attacker to execute arbitrary code by sending manipulated log messages, has been identified as CVE-2021-44228 and has been named Log4Shell.
Immediately after this vulnerability became known, we got with the analysis of our QMS QDA to see if QDA or parts of QDA are also affected. The reassuring finding is – QDA does not make use of Log4j in any function in the current version X, as well as in all older versions. Therefore, we officially state that QDA is not affected by the Log4j issue.