On December 9th, an acute remote code execution (RCE) vulnerability was reported in the Apache logging package Log4j 2 versions 2.14.1 and below (CVE-2021-44228). This vulnerability applies http or https-based applications using Java based logging.
Information on this vulnerability and actions to take can be found here.
The Materialise Software engineering teams have reviewed our active product set and can confirm that our software is not at risk of exploitation through this vulnerability.
This includes Magics and its components, Build Processors, 3-matic, Materialise Control Platform, Streamics, and Link3D*.
*Note that Link3D software is an ongoing acquisition of Materialise, with transaction expected to be closed by end of 2021. More information here.
In addition, 3rd party products used in the supply of our services (this support site help.materialise.com, our online training platform training.materialise.com) and our payment providers have also been verified as not impacted.
If you have specific questions around this issue, please contact our support team. If further updates are needed, they will be added to this article.