A vulnerability was recently discovered and subsequently made public last month which could allow an attacker to break into systems, steal passwords and logins, extract data, and infect networks with malicious software.
Log4j is used across software applications and online services worldwide, and the vulnerability requires very little expertise to exploit. This makes Log4shell potentially the most severe computer vulnerability in years.
Almost all software has some form of ability to log (for development, operational and security purposes), and Log4j is a very common component used for this. However, the logging used by both our software and our servers do not use Log4j. Consequently, our MIDAS software and servers are not vulnerable to Log4shell.
Our MIDAS software itself doesn't require or utilize Log4j, however that doesn't necessarily mean that your own server won't be running this logging utility in some capacity.
If in doubt, updating your server software and Log4j (if applicable) should mitigate the Log4shell vulnerability.