Log4j vulnerability and RPM

We received a number of inquiries today about Log4j vulnerabilities and exploits in our RPM Remote Print Manager® (“RPM”) product. In this article, I attempt to explain why this is not a concern for RPM or any of our other products.

Bottom line: None of our products have ANY Log4j exposure, or Java classes, or Apache logs.

What is Log4j?

That was my Google search query earlier. The short answer is that Log4j is a Java package that is part of the Apache logging system.

We use Apache in our organization. However, we don’t use any Java packages. We do use Python scripts and a Python package for parsing Apache logs.

RPM itself creates logs, but the logs are local to the PC running RPM. It does not interface in any way with an Apache webserver. RPM doesn’t read or write Apache logs at all.

What about Java vulnerabilities?

RPM contains no Java code. RPM itself is written entirely in C++, apart from the user interface and some of the utilities, which are written in Python that we compile to a Windows executable. In the 26 years of RPM’s product lifetime, there have been no known language-related vulnerabilities.

You mentioned other products

We do have a product with some Java code, called ExcelliPrint. The Java code is used for Windows printing and creating images. However, this product doesn’t do any form of web server logging. Again, there are no Log4j vulnerabilities in that product.

More information

Please send us your questions and share your concerns! Visit the contact page on our website.