Following the discovery of a security vulnerability with the Log4j package, we have conducted an investigation which suggests that the reported attack vector is non-existent, because it is not directly available on the internet. The only component that uses Log4j is our conversion service for PDF and DOC files.


As a precaution, we are currently in the process of upgrading the Log4j package to v2.17.0 which will eliminate any risk. This upgrade will be applied as a hotfix early next week, an ETA will be provided before this fix goes out.


If you have any concerns, please contact the ThoughtRiver Support team via Freshdesk or support@thoughtriver.com.