Some earlier versions of Schemus installed an older version of Log4J to enable logging by third party libraries which use it. This process Has caused concerns since the discovery of the new vulnerability CVE-2021-44228.

Email Security.cloud

Vulnerability CVE-2021-44228 has been found to affect applications that uses Log4J.

Schemus 1.50 and above does not install Log4j so a standard installation is Not affected by CVE-2021-44228. 

Note : If you are using an older version of Schemus and if Log4J is present, or If the installed version predates the CVE-2021-44228 vulnerability which was introduced in Log4j 2.0. 

Follow below steps :

1 - Ensure that the Schemus application is not running before deleting this library.

2 - Remove the log4j library, if present under path :  C:\Program Files\Schemus\application\lib\log4j-1.2.17.jar