The good news: none of our recent product versions is using Log4J:
- SmartGit 18.1 and newer
- SmartSVN 9.3 and newer
- SmartSynchronize 3.5 and newer
- DeepGit 4.0 and newer
However, Log4J 1.x was used by older versions of our products:
- SmartGit 17.1 and older
- SmartSVN 9.2 and older
- SmartSynchronize 3.4 and older
- DeepGit 3.0 and older
- SmartCVS
Log4J 1.x should not be affected by CVE-2021-44228 (“Log4JShell”), but there is another important vulnerability CVE-2019-17571 affecting Log4J 1.x. For this reason, we have decided to remove the affected versions from our download archive.