No Issues with Log4J

We have had a variety of customers asking for a statement of whether we're affected by the Log4J / Log4Shell vulnerability.

We do not use Log4J (or any other Java, for that matter) - so we should be unaffected.

We DO use Autodesk Forge - and at one point a customer indicated that Autodesk's trust-and-security page still had "Forge" as pending. Autodesk has expanded the statuses on this page:

https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0012

Clarity does use:

- Forge Data Management: Not Vulnerable

- Forge Design Automation: Mitigated (and we only use only if you opt into Clarity Cloud Processing)

- Forge Model Derivative API: Mitigated (and we only use if you run the Publish to Autodesk Viewer task)

With this, we can declare that all aspects of Clarity are not vulnerable or mitigated with respect to the Log4J / Log4Shell issue.

Matt Mason
Product Manager

Matt Mason

Posted · Updated

Confirmation

Confirmation

No Issues with Log4J

Your Reply

Dialog Caption