Log4j 2 update: MindManager is NOT vulnerable

Craig B. shared this announcement 36 days ago

Hi MindManagers - as you may have heard, there was a critical vulnerability detected in Javascript on December 9th affecting various applications and hardware used worldwide. Log4j 2 (CVE-2021-44228) is a Java-based logging utility used in configuration, log messages, and parameters. 

We have had some customers asking whether MindManager uses Log4j 2. Our engineering team has completed testing on our products and NO vulnerabilities were discovered with MindManager software.

Here are the details:

  • Later versions of MindManager Mac bundle log4j-1.2.13.jar library. This is an earlier version than the one with the vulnerability. There is no vulnerability with MindManager Mac.
  • None of our earlier versions of MindManager for either Windows or Mac are vulnerable.
  • None of our cloud services are vulnerable.
  • We did discover a vulnerability with mindmanager.com for services tied to Amazon Web Services , however, those services have all been patched by AWS.

Thank you all for your attention to this matter. Trust is MindManager’s #1 value, and we take the protection of our customers’ data very seriously. If you have further questions, please reach out to your account manager or our customer support team.

Best regards,

Your MindManager Team