You may have noticed that in recent days there has been a buzz about a new vulnerability that affects many web applications and is actively being exploited. The vulnerability was found in Apache Log4j, a popular Java logging library and is called Log4Shell. Concerned users ask us if Formdesk is vulnerable to Log4Shell.
We can inform you that Formdesk is not vulnerable to Log4Shell.
The applications around Formdesk are not developed in Java. There are also no other applications or tools installed within the Formdesk network infrastructure that are developed in Java.
Applications on the periphery of Formdesk, such as our front-end WordPress website, also appear to contain no components that have been developed in Java and are therefore not vulnerable.
We investigated this on short-term. If anything comes up with regard to this vulnerability that does affect Formdesk, we will report it in this blog.