TrendMiner not impacted by Log4j threat

As the Zero-day exploit became known to the public domain on December 10th, TrendMiner's engineering team immediately scanned our code base for the potential use of log4j, including any (transitive) dependencies.

The conclusion is clear - There is no direct use of or dependency on the affected log4j-core library or JndiLookup class. Scanners might pick up a reference to log4j-api, however, this library is not affected by the exploit. Furthermore, the JDK shipped with TrendMiner is up-to-date, which also means it is not vulnerable to the exploit.

As a reminder, TrendMiner scans for zero-day exploits or other security threats on a daily basis and will release security hotfixes where needed, informing you for the need to update.

For further questions, please reach out to support@trendminer.com.