AgilQuest is aware of the Log4j vulnerability reported under CVE-2021-44228 as reported by NIST (https://nvd.nist.gov/vuln/detail/CVE-2021-44228).
OnBoard 6.0 - This does not impact our customers remaining on our legacy platform, OnBoard 6 which uses Wildfly 10. Wildfly does not and never has included the specific components impacted by CVE-2021-44228. Please follow this link for more detail: https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/.
OnBoard 5.7 and older - Older versions of OnBoard were built on and ship with the JBoss application server. The versions in used during this time could include impacted component that fall within the defined range of CVE-2021-44228. We recommend that the small set of our customers still using older versions of OnBoard contact the AgilQuest Customer Success Team to transition over to the Forum.
Commander BI - While it does not use Log4j, the Logi Analytics platform it was based on does include an older version of Log4j as part of the base Java libraries used by some of their customers (AgilQuest does not use Logi's Java engine, but instead the .NET one). Fortunately, the version shipped, 1.2.8, which falls out of the version range listed in the CVE-2021-44228.
If you should have any additional concerns or questions, please reach out to the AgilQuest Customer Success Team.