Following the identification of a global security vulnerability relating to the widely used java library we have issued the following resilience assurance statement for users of ResourceXpress.
Last Friday a vulnerability named log4shell was found on a widely used java library (log4j). This vulnerability is very easy to use and can grant an attacker the ability to execute code. More information can be found here.
The ResourceXpress application does not reference any libraries, of any version, that are affected by this vulnerability. The underlying infrastructure has also been reviewed and does not reference any log4j libraries. RX SaaS, ResourceXpress On-Premise and our hosting infrastructure are not vulnerable to CVE-2021-44228.