​​The Cambridge Crystallographic Data Centre (CCDC).
The CCDC websites use cookies. By continuing to browse the site you are agreeing to our use of cookies. For more details about cookies and how to manage them, see our  cookie policy.

Is CCDC CSD software affected by the CVE-2021-44228 vulnerability?

Solution

In response to the CVE-2021-44228 vulnerability in the Apache Log4j library, also known as Log4Shell, we at CCDC can confirm that our software and services do not use this Apache logging component and are therefore not affected.

While CCDC software and services are not affected, there may be third-party software and services where our data or software is utilised or linked to - CCDC is not responsible for the maintenance of such systems and we would recommend customers perform a thorough review of all software and services they may use and apply any patches or fixes that third party software recommends.

We have ourselves carried out a thorough review of all of our internal systems and have applied patches and fixes where necessary. An extensive vulnerability check has determined our systems are secure and we will continue to monitor our systems to ensure they remain secure from both this and any other threats that may emerge.