In response to your concerns regarding the vulnerabilities (CVE-2021-45105, CVE-2021-45046, CVE-2021-44832, CVE-2021-44228) exposed recently related to Apache Log4j, in our investigation so far, we can confirm that Splashtop is NOT vulnerable to this exploit.
As Splashtop and the industry at large continue to gain a deeper understanding of the impact of this threat, we will update the user with further information as they become available.
Please feel free to reach out to us if you have any more questions. Thank you for your patience and continued support.
Update April 2022
We have released new versions of Splashtop Gateway and Splashtop Center with updated Log4j framework. Please see below for details.
Splashtop Gateway v3.16.0, for Splashtop On-Prem users
Updated Log4j version: 2.17.2
Splashtop Center v18.104.22.168, for Splashtop Enterprise Legacy (v2) users
Updated Log4j version: 2.17.1