We are aware of the security advisories regarding the Apache Log4j Vulnerabilities announced between December 9th, 2021 and December 27th, 2021. More information can be found here: https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability
We have determined that there is a very low risk to PrizmDoc Viewer customers using PrizmDoc Viewer version 13.5 or newer. However, out of an abundance of caution, we strongly recommend that customers update their installation of PrizmDoc Viewer to version 18.104.22.16815 or later which has the latest version of Log4j.
Although the impacted version of Log4j is shipped with our product, it is mitigated because we do not write user-supplied data to our logs therefore an RCE attack is almost impossible.
If you are running a PrizmDoc Viewer/Server prior to 13.5 (November 2018) you should upgrade immediately to the most recent version. Version upgrades in 13.x are backwards compatible and do not require code changes to support the backend upgrade. If you have concerns, please contact Accusoft support https://my.accusoft.com/ or firstname.lastname@example.org.
To download the most current version of PrizmDoc Viewer please visit: https://www.accusoft.com/products/prizmdoc-suite/prizmdoc-viewer-trial/ and look for 22.214.171.12415 or newer preview build.
In accordance with our security vulnerability policy, the official PrizmDoc Viewer version 13.19 with an updated version of Log4j is planned to release on January 25, 2022.
Additional information on our security policy can be found here: https://www.accusoft.com/company/legal/support-policy/
If you have additional questions please contact email@example.com.
Your Accusoft Team