2021-12 - Log4j impact on Planon

We would like to inform you that Planon is aware of recently disclosed research regarding a zero-day vulnerability in Log4j (CVE-2021-44228). However, Planon Universe SaaS and On-premise are not affected by this vulnerability.

The security of our software solutions is a top priority for Planon. To that end, Planon runs security-related updates on its software platforms on a monthly basis. These updates typically concern core security-related libraries like WildFly, Tomcat, Java Runtime, Wicket, and encryption libraries. The software services provided by these libraries are tested and monitored, and security issues are fixed as soon as possible.

Planon always updates these libraries when maintenance releases become available that include security fixes. Planon takes prime responsibility for security and customer support on all software components used on its software platforms. Our prioritization in updating software libraries for security reasons is focused on software components that are internet facing and therefore the most sensitive to hacking attempts.

Until recently, Planon did not prioritize Log4j, since it is a tool used to generate logs in the backend of our software. However, due to the vulnerabilities disclosed in Log4j, Planon has repositioned this library in its priority scheme.

We are currently working on providing our customers with an update which we expect to be available in Q1 2022.

In the meantime, Planon assures all its customers that the recently and globally reported Log4j vulnerability is not present in the software solutions Planon provides today.

We welcome questions on the topic. In case you have any, please contact us through the Planon Customer Portal.