L-Soft Advisories: Information about Log4j Vulnerabilities

Information about LISTSERV and LISTSERV Maestro with regards to the Log4j vulnerabilities CVE-2021-44228 (Log4Shell), CVE-2021-45046 and CVE-2021-45105:

• LISTSERV does not use Log4j and is not affected by these vulnerabilities.
• LISTSERV Maestro 9.0 and older does not use Log4j and is not affected by these vulnerabilities.
• LISTSERV Maestro 10.0-1 to 10.0-3 use Log4j 2.12.1 and may therefore be vulnerable. We strongly recommend applying build 10.0-6 or later.
• LISTSERV Maestro 10.0-4 uses Log4j 2.15.0 and is therefore not vulnerable to CVE-2021-44228 (Log4Shell) but may still be vulnerable to CVE-2021-45046 and CVE-2021-45105. We strongly recommend applying build 10.0-6 or later.
• LISTSERV Maestro 10.0-5 uses Log4j 2.16.0 and is therefore not vulnerable to CVE-2021-44228 (Log4Shell) and CVE-2021-45105 but may still be vulnerable to CVE-2021-45105. We strongly recommend applying build 10.0-6 or later.
• LISTSERV Maestro 10.0-6 and later uses Log4j 2.17.0 and is not affected by these vulnerabilities.

---

LISTSERV is a registered trademark licensed to L-Soft international, Inc.

See Guidelines for Proper Usage of the LISTSERV Trademark for more details.

All other trademarks, both marked and unmarked, are the property of their respective owners.