Since last week, a security vulnerability in the "log4j" framework has been rocking the IT world.
log4j is a programming tool for logging application messages. Software error messages, technical notices like "disk space about to fill up" and so on are written away by log4j to a log file for later technical analysis, and usually this simple task is the only thing a logging tool is supposed to do.Logging ("logging") is fundamentally very useful and is used by engineering and support to record and track error conditions and undesirable developments.
The log4j exists only for the Java computer language, that's what the last letter "j" stands for. Over the years it has become a quasi-standard in many open source and commercial software products.
The newly found security hole makes it very easy for attackers to run their own software on other people's computers. That brought widespread disruption in the last week, such as to popular cloud services Amazon Web Services, Steam and iCloud.
No log4j in Smartstore
The Smartstore store software is not affected by the log4j vulnerability.
Smartstore is built with Microsoft .NET technology, not Java.
We even stopped using a port from log4j to Microsoft .NET called "log4net" a long time ago. We have recently started using Serilog.
Smartstore store operators are only affected if they or their hoster have other systems with log4j in operation besides Smartstore, especially if they are connected online.