assessmentQ not vulnerable to the log4j security issue

The assessmentQ platform is based on .NET and it does not use the Apache log4j library whose vulnerability (CVE-2021-44228, CVE-2021-45046) has been in the news recently.

Search functionality

The search feature in the assessmentQ Backoffice does make use of the log4j library, however, as part of its dependency on ElasticSearch. Despite this dependency, assessmentQ is not vulnerable to security issues. The reason being that the search feature is an isolated component of the platform that cannot be manipulated by hackers with bad intentions.

Extra security

Nonetheless, we are taking this opportunity to make additional improvements to the assessmentQ platform as part of our overall defense strategy:

  • We are upgrading ElasticSearch to the latest release in which the vulnerability has been resolved (already in progress). More info on this can be found here.
  • We will re-evaluate our security roadmap and operating procedures to keep improving the security of assessmentQ and shorten our response time to potential future vulnerabilities.

About assessmentQ

assessmentQ is the preferred online examination platform for educational institutions, examination centres and many other organisations. Dozens of question types, intelligent scoring mechanisms, insightful reporting and countless integration options: assessmentQ has it all.

Yoeri Deschrijver Televic Education

Yoeri Deschrijver
Yoeri is Software Development Manager. He has been leading the technological and research vision of Televic Education as R&D Manager since 2020. Before, Yoeri worked at Televic Education as Senior Software Engineer. With his experience in both start-ups and enterprise software companies, he aims at making assessmentQ the number one digital exam solution in the world.