LUMBERJACK is not vulnerable to log4j


With the increasing worry that the LOG4J is causing, we would like to reassure you with regards to LUMBERJACK.

The LUMBERJACK software is not vulnerable to the log4j vulnerability CVE-2021-44228. LUMBERJACK does not use the log4j application to log any information. The LUMBERJACK software, including the web interface, was all written by Focom Ltd and does not contain any third party applications such as Apache or IIS.

Call log information is collected and processed into standard records for insertion into the database, these are then encrypted and sent to the database server. The database server decrypts the incoming request and after verifying the data, stores the information in the database. Part of the verification is modifying all text fields to only contain a subset of valid characters and ensuring a fixed length, this ensures that incoming data is safe or ignored in the case of encryption failures.