Kopano is not affected by Log4Shell

December 13, 2021

No Kopano component is affected by Log4Shell

Log4Shell is critical 0-day vulnerability occuring in the Open Source Java library log4j. log4j is used by thousands, if not millions, software packages and often included in tools like application servers.
The Log4Shell vulnerability is highly critical (rated 10 out of 10) because there are already documented exploits going on, and because if exploited the attacker might be able to execute remote code, even as root user.

There are several ways to mitigate this vulnerability, the best way depends heavily on the individual situation. A quite up-to-date guide seems to be from lunasec.io

But good news last: No Kopano package makes use of log4j in any kind or version.