We have had a variety of customers asking for a statement of whether we're affected by the Log4J / Log4Shell vulnerability.
We do not use Log4J (or any other Java, for that matter) - so we should be unaffected.
We DO use Autodesk Forge - and at one point a customer indicated that Autodesk's trust-and-security page still had "Forge" as pending. Autodesk has expanded the statuses on this page:
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0012
Clarity does use:
- Forge Data Management: Not Vulnerable
- Forge Design Automation: Mitigated (and we only use only if you opt into Clarity Cloud Processing)
- Forge Model Derivative