tagtog response to CVE-2021–44228

By Dr. Juan Miguel Cejuela🤲 this story’s open link

Last update: 2021–12–19

We have worked with a high priority on evaluating all the details for the tagtog software regarding the worldwide CVE-2021–44228 vulnerability (“Log4jShell”). Please read here our response.

In short:

More info:

The tagtog software uses 9 docker images:

> 8 of our tagtog docker images either do not package any log4j library or otherwise use a non-affected log4j version. That includes our main docker image, the webapp.

> 1 docker image (“tagtog_index”) packages a susceptible log4j library version. But the scope functionality of this docker image is minimal. Most importantly, no user’s information nor input is logged in here. Thus, there is no possible vulnerability. Moreover, as of today’s status, tagtog is not affected by CVE-2021–45046 either.

Our measures:

If you are a tagtog OnPremises client, 👉 you can now update your tagtog version.

We appreciate that our teams support each other in realizing high-security standards.

The tagtog team and I are gladly at your disposal for any further questions and information.

The text annotation platform to train #NLP. Easy. 🔗 tagtog.net