In the last few days, a critical vulnerability emerged in Java-based systems, caused by a lack of protection in the Log4j libraries (Apache Log4j: Security Vulnerabilities) affecting in particular the Java 8 (and later) and some Java 7 releases. The problem may affect any Windows or Linux system.
We are proud to announce that none of our endpoint products is affected by this issue, both thin clients and software! You can keep safely using your Praim ThinOX or Praim Agile based system (regardless if you are using Agile4PC, Agile4Pi or Agile4Linux), without the need of any action.
New versions of ThinMan and ThinMan Gateway (respectively 8.4.1 and 2.3.3) have been made immediately available including the patch 2.15.0 from Apache solving the first and main vulnerability CVE-2021-44228. It is already possible to protect your instances by downloading such versions from the MyPraim area and updating your systems accordingly. We recommend, alternatively, to avoid publishing your ThinMan server externally to the corporate infrastructure.
The second vulnerability CVE-2021-45046 does not affect ThinMan, however the 2.16.0 update will be integrated in the next forthcoming versions of our software (ThinMan 8.4.2 and ThinMan Gateway 2.3.4, respectively).