...
Actions recommended to DualShield customers
If In general, you should always upgrade your DualShield to the latest update as soon as possible. However, if you are running DualShield 6.4 and cannot upgrade to the latest update, then you should add "-Dlog4j2.formatMsgNoLookups=true" into the JAVA settings and restart the DualShield service after the change.
...
Actions being taken by the DualShield teamWe are working to produce an update of the DualShield Platform that will include the latest update of Log4J that has fixed the vulnerability. We estimate that the update will be ready by Friday, December 17, 2021.
A new update of DualShield has been produced and released, DualShield 6.4.20.1215.
In this update, we have made the following changes:
1. Log4j is completely removed from the SSO server (the frontend) in the DualShield platform
2. Log4j in the authentication server (the backend) in the DualShield platform has been upgraded to Log4j 2.16
3. Log4j in the certificate server (frontend) has been upgraded to Log4j 2.16