As a precautionary step an upgrade to Log4j version 2.15.0 in the Printix Cloud was completed on Monday 13 December 2021. Investigations to establish if Printix Cloud and its current use of Apache Log4j version 2.10 did not expose any vulnerabilities in relation to CVE-2021-44228.
Vulnerability CVE-2021-45046 has been found in Log4j version 2.15.0 and the fix should be to update to version 2.16.0. Upgrade to Log4j version 2.16.0 in the Printix Cloud was completed on Thursday 16 December 2021.
Vulnerability CVE-2021-45105 has been found in Log4J version 2.16.0 and the fix should be to update to version 2.17.0. Printix Cloud is not exposed to this, as it requires direct access to the computers in the Printix Cloud. However, as a precautionary step an upgrade to Log4j version 2.17.0 in the Printix Cloud is scheduled on Monday 27 December 2021.