We are working with Micro Focus to provide official product bulletins for File Dynamics, File Reporter, and Kanaka. However, to assuage community concerns we wanted to let everyone know the status of File Reporter in regards to the Log4j vulnerability recently announced [CVE-2021-44228].
No current or previous versions of File Reporter are vulnerable to this exploit. The only component which uses any Java-based service is the AgentFC component included in File Reporter 4.0, and installed only for content scanning. This component includes Tika 1.24.1, which itself includes Log4j 1.2.17, which is not vulnerable to this exploit.
I will be happy to answer any clarifying questions, and will update this thread when an official product bulletin is posted. Thank you all for your continued support of File Reporter!
Grant Woodward
Technical Support Manager
File Reporter / File Dynamics / Kanaka
Condrey Corporation