This last Thursday 9th of December 2021, a critical 0-day type vulnerability has been detected by the IT team of Alibaba (the famous Chinese e-commerce website). This vulnerability is considered *critical* and might allow anyone to execute arbitrary code on a server equipped with Log4j (i.e. real bad).
Log4j is a library used in other software written in Java. Chamilo doesn’t use Java and is, as such, not affected itself. Some of our users, however, use Java software to provide extended capabilities to Chamilo, like the “Chamilo Rapid” converter of PPT to learning paths, or BigBlueButton, the videoconference software.
BigBlueButton, the most common of these extensions, doesn’t seem affected by this issue. In recent versions, at least, it doesn’t make use of Log4j. If you use Scalelite, it doesn’t seem affected either. So there’s nothing to do.
Tags: Blog