by our parent company: the software quality assurance tools Squish, Coco and
Test Center are not affected by the Log4Shell vulnerability.
Log4Shell is a high-severity vulnerability found in the log4j
logging framework. Affected versions of the framework allow attackers
to execute code on remote systems.
The vulnerability was assigned the identifier CVE-2021-44228 and became public on December 10, 2021.
None of our products has included or used the affected framework.
The Squish IDE is based on the Java-based Eclipse framework. As such, a Squish installation contains the following file:
The file name ant-apache-log4j.jar may suggest a copy of the log4j library. However, the file is just an adaptor to log4j. The adaptor is not used and the affected log4j library needed for it to function is not bundled with Squish.
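A file name alone does not show whether an archive carries the log4j library, so the statement above can be checked by looking at archive contents instead. The following is an added example, not part of the original advisory or of Squish: it searches an archive, including nested archives, for the JndiLookup class that ships in log4j-core. The sample archives, their entry names and the helper names are constructed for illustration.

```python
import io
import sys
import zipfile

# Class implementing the JNDI lookup involved in CVE-2021-44228; it ships in log4j-core.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
NESTED_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def find_jndi_lookup(data, name="<archive>", depth=0, max_depth=4):
    """Return 'outer!inner' paths of every JndiLookup.class in an archive,
    descending into nested archives up to max_depth levels."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a readable archive, nothing to report
    with archive:
        for entry in archive.namelist():
            if entry.endswith(JNDI_LOOKUP):
                hits.append(f"{name}!{entry}")
            elif entry.lower().endswith(NESTED_SUFFIXES) and depth < max_depth:
                hits += find_jndi_lookup(archive.read(entry), f"{name}!{entry}",
                                         depth + 1, max_depth)
    return hits


def make_jar(entries):
    """Build an in-memory archive from {path: bytes}; used only for the samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for path, content in entries.items():
            jar.writestr(path, content)
    return buf.getvalue()


# Constructed samples: an adaptor-style jar without log4j-core classes (entry
# name is an assumption), a jar with the class, and a bundle nesting that jar.
ADAPTER_JAR = make_jar({"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
                        "org/apache/tools/ant/listener/Log4jListener.class": b"\xca\xfe\xba\xbe"})
CORE_JAR = make_jar({JNDI_LOOKUP: b"\xca\xfe\xba\xbe"})
FAT_JAR = make_jar({"app/Main.class": b"\xca\xfe\xba\xbe", "lib/log4j-core.jar": CORE_JAR})

if __name__ == "__main__":
    # Usage: python scan.py file1.jar file2.war ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            found = find_jndi_lookup(fh.read(), path)
        print(path, "->", found or "no JndiLookup.class found")
```

A hit shows that log4j-core classes are present and that the bundled version needs checking; fixed releases of log4j-core also contain this class, so a hit alone does not prove the archive is vulnerable.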