Log4J vulnerability “Log4Shell”: our recent product versions are not affected

The good news: none of our recent product versions is using Log4J:

  • SmartGit 18.1 and newer
  • SmartSVN 9.3 and newer
  • SmartSynchronize 3.5 and newer
  • DeepGit 4.0 and newer

However, Log4J 1.x was used by older versions of our products:

  • SmartGit 17.1 and older
  • SmartSVN 9.2 and older
  • SmartSynchronize 3.4 and older
  • DeepGit 3.0 and older
  • SmartCVS

Log4J 1.x should not be affected by CVE-2021-44228 (“Log4JShell”), but there is another important vulnerability CVE-2019-17571 affecting Log4J 1.x. For this reason, we have decided to remove the affected versions from our download archive.