About the Log4Shell security gap
Note: For projectfacts customers of versions 6.8, 6.9 or 6.10. with basic or standard hosting the vulnerability is already closed.
The Log4Shell vulnerability is a vulnerability in the JAVA library Log4j. It allows attackers to completely take over the system by executing certain commands via input fields of a website.
More information on the Log4Shell vulnerability can be found on the website of the German Federal Office for Information Security (BSI).
If you host projectfacts with us (basic or standard hosting) and use one of the versions 6.8, 6.9 or 6.10, you are already protected.
If you host projectfacts yourself and use one of the versions 6.8, 6.9 or 6.10, please download the patch file as soon as possible, which we make available for download.
- 6.8.47 or newer under “Version Archive
- 6.9.54 or newer under “Version Archive
- 6.10.71 or newer under “Current version”.
If you host projectfacts yourself and use an older version than 6.8, 6.9 or 6.10, please arrange for an update to at least version 6.8 as soon as possible.
Tonight (13.12.21) from 10pm onwards, we will be carrying out additional maintenance on our servers, meaning there may be interruptions between 10pm and midnight.