For any customers concerned about log4j or Spring4Shell.
Moderators: AmigoJack, bbadmin, helios, Bob Hansen, MudGuard
For any customers concerned about log4j or Spring4Shell.
For any customers concerned about log4j or Spring4Shell vulnerability, we can confirm that neither TextPad nor our website uses log4j or Spring4Shell.
Associating Java with this product feels like asking if animals were harmed during the production: chances are so off that questioning it can only be reasoned by i.e. panic.
What is a bit more concerning: in 2022-03-25 a threat in ZLIB was discovered and every implementation after 1.2.2.1 and before 1.2.12 is affected. The ZLIB compression is used in i.e. PNG and HTTP and ZIP - everything that uses DEFLATE. Could you please check for that, too? I'm not expecting it to be in TextPad, tho. See:
https://cve.mitre.org/cgi-bin/cvename.c ... 2018-25032
https://github.com/madler/zlib/blob/mas ... geLog#L784
https://en.wikipedia.org/wiki/Zlib
What is a bit more concerning: in 2022-03-25 a threat in ZLIB was discovered and every implementation after 1.2.2.1 and before 1.2.12 is affected. The ZLIB compression is used in i.e. PNG and HTTP and ZIP - everything that uses DEFLATE. Could you please check for that, too? I'm not expecting it to be in TextPad, tho. See:
https://cve.mitre.org/cgi-bin/cvename.c ... 2018-25032
https://github.com/madler/zlib/blob/mas ... geLog#L784
https://en.wikipedia.org/wiki/Zlib
Sorry, missed this the first time around.
TextPad does use zlib, but only to load the PNG buttons for its toolbars. Hence it calls inflate, but not deflate to which the CVE applies.
Interestingly, as of 16th September, this vulnerability has been modified and is currently undergoing reanalysis. See https://nvd.nist.gov/vuln/detail/CVE-2018-25032
TextPad does use zlib, but only to load the PNG buttons for its toolbars. Hence it calls inflate, but not deflate to which the CVE applies.
Interestingly, as of 16th September, this vulnerability has been modified and is currently undergoing reanalysis. See https://nvd.nist.gov/vuln/detail/CVE-2018-25032