A number of customers have raised support tickets related to a recent vulnerability around Apache Log4J (CVE-2021-44228) and Log4Shell (Second log4j Vulnerability Published as CVE-2021-45046).
We check and monitor our service in line with major reported vulnerabilities and threats both proactively and as part of security and penetration testing cycles.
For the specific threat mentioned above, Matrix Booking Ltd can confirm that Apache Log4J and Log4Shell are neither a direct or transitive dependency within our core software.
Note: this relates to a recent vulnerabilities (CVE-2021-44228 and CVE-2021-45046) that have been highlighted, but don’t affect or impact Matrix Booking, our mobile app, our kiosks apps and devices, or our flow applications.
CVE-2023-44487
A few customers have also raised questions regarding vulnerability: CVE-2023-44487
We can confirm that Matrix Booking is not impacted by this vulnerability in any way.