There was a zero-day exploit of a Java library we use call log4j in our XLr8 Tools for Unidata and Universe databases. We have been using that library without incident for 17 years give or take for logging our Java errors. Nonetheless, here is an article that explains this exploit better than I can from PCMAG, enjoy.
Here is our changelog:
v4.17.2 - Dec 12, 2021
XLr8Developer removed window.changed option since it is not used in Webix
XLr8Developer added textarea height and width option to size boxes for this Webix control
log4j update from 2.14 to 2.15
v4.17.1 - Nov 18, 2021
XLr8Installer an option was added to force the creation of a directory file if the file does not exist.
XLr8Commander right-click option was grayed out in error and is now working.
v4.17.0 - Nov 10, 2021
XLr8Dictionary option added to display on the console dictionary editor reads, writes and compiles.
XLr8Dictionary editor "Save and Compile Selected" button and menu option failed to write selected items and has been fixed.
v4.16.7 - Nov 08, 2021
XLr8Commandinterpreter was renamed to XLr8Commander in all Java source points.
XLr8Dictionary editor will no longer show null ids items that were causing errors in display and removal.
v4.16.6 - Nov 04, 2021
XLr8Dictionary editor did not show I-descr that did not match internal values.
