A number of customers have raised support tickets related to a recent vulnerability around Apache Log4J (CVE-2021-44228) and Log4Shell (Second log4j Vulnerability Published as CVE-2021-45046)
We check and monitor our service in line with major reported vulnerabilities and threats both proactively and as part of security and penetration testing cycles.
In relation to the specific threat mentioned above, Matrix Booking Ltd can confirm that Apache Log4J and Log4Shell are neither a direct or transitive dependency within our core software.
This relates to a recent vulnerabilities (CVE-2021-44228 and CVE-2021-45046) that have been highlighted but do not affect or impact Matrix Booking web app, signage applications, mobile applications, kiosks applications, arrivals screens, flow applications.
CVE-2023-44487
A few customers have also raised questions regarding vulnerability: CVE-2023-44487
We can confirm that Matrix Booking is not impacted by this vulnerability in any way.