A severe Zero-day security issue, Log4Shell (CVE-2021-44228), was discovered on December 10 in the Java logging library, log4j v2.x. Our team has identified the issue and the effect on Java products.

We quickly resolved the issue and released new product versions on December 13 and 14, 2021. However, after that, security experts found a second vulnerability involving Apache Log4j (CVE-2021-45046). Although this is not as severe as the original vulnerability, we made new releases that resolved this issue, providing enhanced security for our customers.

New security updates are available for the following products:

Prosys OPC UA Browser 4.1.0 release previously already contained the required fix.

To learn more about the security vulnerability in Java-based OPC UA applications, check our Blog Post.

Please contact Prosys OPC Sales for more information.