Any Zero Day Vulnerability - Log4j version 2.x.x - 2.15.x issues with Sketchup?

My IT security team is having me go through all our applications and check on any Log4j vulnerability issues and the mitigation plan as necessary.

More info here: What's the Deal with the Log4Shell Security Nightmare? - Lawfare

Errr… Isn’t the vulnerability in server, not desktop software? Of course, some of SketchUp’s functions like 3D Warehouse and Location use web-based services but there is nothing an user can do to check or fix those. Maybe @colin can enlighten us about those?

I believe it is any software (desktop or server) that uses the log4j library.

Trimble SketchUp has identified the Log4j vulnerability as a potential exposure for Trimble SketchUp and is executing its vulnerability management process to assess the risk and prioritize remediation. We have engaged engineering resources, third party cybersecurity vendors and software providers. We are continuously refreshing our datasets as we identify potential exposures in our infrastructure and product code.

2 Likes

Here is a further statement from the SketchUp Team:

1 Like

This topic was automatically closed after 186 days. New replies are no longer allowed.