We would like to give you a status and overview of the log4j situation and M2 Solutions.
Affected by the logging software breach are Java applications that - as the name suggests - have implemented the logging component Log4j. This is the Tableau Toolbox, which includes the Form Builder and Mail Tool. The Tableau Toolbox has been shipping the latest version of log4j, i.e. 2.17, since release 1.32.1. With this, we can say that any security risk related to CVE-2021-44228, CVE-2021-45105, and CVE-2021-45046 has been removed.
The other M2 Solutions do not implement log4j or are not java-based, these include in particular:
Tableau Portal
Data Catalog Tool
Housekeeping Tool
We can therefore report that none of our products are affected by log4j.
However, please take the necessary precautions for your Tableau installations, more information can be found here: Apache Log4j2 vulnerability (Log4shell) | Tableau Software.
M2 is always up to date with the latest developments and we try to be aware of all security vulnerabilities and new developments in the technical scene as soon as possible in order to release security patches or hotfixes if needed.
If you have any questions on the subject, we are always happy to help.
Your M2 Team
Phone: +49 (0)30 20 89 87 010
info@m2dot.com · M2@Facebook · M2@Twitter · M2@LinkedIn · M2@Instagram