With the bug disclosed on Friday, December 10th by Alibaba’s security team on the Log4j vulnerability (CVE-2021-44228), we are receiving customer questions on potential affected products that we ship. Infragistics does not ship server-side, Java-based UI / component libraries. Thus, Infragistics Ultimate products would not be affected by a Java, Apache server-based library nor would Reveal, our embedded business intelligence platform.
We can confirm that No Infragistics products ship with Log4j and no Infragistics products are impacted by this vulnerability.
For more information: