log4j

Cycom products and the log4j vulnerability

We are happy to say that none of our products make use of the Apache Log4j library (referred to as “Log4j 2” or “Log4Shell”) with the recently discovered critical vulnerabilities (CVE-2021-44228, CVE-2021-45046).

Customer-facing applications

All versions of the following Cycom products are safe from the Log4j vulnerabilities.

  1. CityLaw / CountyLaw Web

  2. CityLaw / CountyLaw Desktop

  3. CityLaw Online Claim Portals

  4. Microsoft Office integrations

By inspection of the source code and source code commit history we confirmed that all versions of these products are safe from these vulnerabilities, because they do not currently use and have never used an Apache Log4j library.

We have also confirmed with all our third-party vendors that all libraries and tools used in our products are not vulnerable.

Internal applications

All third-party applications used internally by Cycom (and not in our products) are either not vulnerable or have been updated with the requisite fixes. Of the third-party applications Cycom uses internally that have been patched, no exploits of the vulnerability have been reported by their vendors.