Log4J vulnerability does not affect Chamilo, but…

This last Thursday 9th of December 2021, a critical 0-day type vulnerability has been detected by the IT team of Alibaba (the famous Chinese e-commerce website). This vulnerability is considered *critical* and might allow anyone to execute arbitrary code on a server equipped with Log4j (i.e. real bad).

Log4j is a library used in other software written in Java. Chamilo doesn’t use Java and is, as such, not affected itself. Some of our users, however, use Java software to provide extended capabilities to Chamilo, like the “Chamilo Rapid” converter of PPT to learning paths, or BigBlueButton, the videoconference software.

BigBlueButton, the most common of these extensions, doesn’t seem affected by this issue. In recent versions, at least, it doesn’t make use of Log4j. If you use Scalelite, it doesn’t seem affected either. So there’s nothing to do.

Read the full story by

Tags:

RELATED READS
Using LMS to Create an Effective Lab Training Program Why education providers must focus on cybersecurity
We are updating our Privacy Policy, so please make sure you take a minute to review it. As of May 25, 2018 your continued use of our services will be subject to this new Privacy Policy.
Review Privacy Policy OK