Is SmartPLS affected by the Log4J vulnerability?
SmartPLS (up to version 3.3.3) contains an older version of Log4J. However, the security risk is low, because SmartPLS is not a server application and does not use Log4J for logging. Therefore, the vulnerability cannot be exploited.
Nevertheless, we recommend installing the latest SmartPLS version 3.3.4, in which we have updated the Log4J library to a patched version (2.0.16).
Users of our floating license servers do not have to worry either. Log4J is indeed included here as well. However, the used version 1.2.17 is not affected by the security problem.