WebWorks Security Update

Learn more about a recent security update for WebWorks ePublisher.

by Tony McDow
December 20, 2021

WebWorks is aware of the recently disclosed security issue relating to the open-source Apache "Log4j version 2" utility (CVE-2021-44228). After an extensive review, we have determined that there is no immediate security vulnerability for ePublisher users. The Apache log4j library is currently included with ePublisher and is present during the product installation. However, ePublisher does not utilize this Apache library for any of its functions.

Moving forward, the Apache Log4j library will no longer be bundled with the ePublisher installation. If you would like to reinstall ePublisher, you can request a download link to the 2021.1 version of ePublisher. If you have access to this version, it will be provided at no extra cost.

If you are unable to update your current version, you can follow the instructions located here - 2021-0001: Apache log4j library security advisory (webworks.com) to manually remove the Apache library. Removing this library will not affect any functionality of ePublisher.

Further Reading