assessmentQ not vulnerable to the log4j security issue
The assessmentQ platform is based on .NET and it does not use the Apache log4j library whose vulnerability (CVE-2021-44228, CVE-2021-45046) has been in the news recently.
Search functionality
The search feature in the assessmentQ Backoffice does make use of the log4j library, however, as part of its dependency on ElasticSearch. Despite this dependency, assessmentQ is not vulnerable to security issues. The reason being that the search feature is an isolated component of the platform that cannot be manipulated by hackers with bad intentions.
Extra security
Nonetheless, we are taking this opportunity to make additional improvements to the assessmentQ platform as part of our overall defense strategy:
- We are upgrading ElasticSearch to the latest release in which the vulnerability has been resolved (already in progress). More info on this can be found here.
- We will re-evaluate our security roadmap and operating procedures to keep improving the security of assessmentQ and shorten our response time to potential future vulnerabilities.
Let’s talk!
Schedule a short call with one of our experts, free of obligation. They will be happy to listen to your needs.
Yoeri Deschrijver
Yoeri is Software Development Manager. He has been leading the technological and research vision of Televic Education as R&D Manager since 2020. Before, Yoeri worked at Televic Education as Senior Software Engineer. With his experience in both start-ups and enterprise software companies, he aims at making assessmentQ the number one digital exam solution in the world.
