California, Dec 16th 2021. On December 9th/10th 2021, a zero-day vulnerability in the Apache Java logging library Log4j (CVE-2021-44228) was discovered. While we still investigate the issue at a deeper level, we want to assure our users that there is no immediate impact on our products – Conformiq Creator and Conformiq Designer.
The Conformiq Computation Server does not run Log4j, and the Eclipse client does not expose external services and runs Log4j 1.2.x which remains unaffected with the vulnerability. We are also working closely with our partners/providers of third-party tools which we use to ensure our products are not impacted indirectly.
As we continue to gain deeper understanding of the threat, we will help customers detect and mitigate the impact. In addition to monitoring the threat, our development teams are also analyzing our products to understand where Apache Log4j may be used to take appropriate steps to mitigate any risk. Any such instance will be notified immediately to the affected party.
Conformiq is a leading software technology company, focused on automating test automation, functional testing design and software quality. Conformiq’s Intelligent Test Automation solutions are designed to automate the entire testing processes from design to generation to execution with minimal human intervention. Our solution adapts quickly to new product requirements, eliminating the time required for laborious test case creation, test execution & script maintenance during short sprints. Thus, enabling High Quality@Speed through a no-touch, script-free testing platform.
Conformiq’s products integrate with all leading Test Automation and requirement management tools for e2e automation, from requirements to test execution, uniquely auto-generating data, executable scripts, validations, and traceability.
Contact Information -
Supriya V Gondkar
Conformiq India Pvt Ltd