Are BrightSign players affected by the Log4j Java vulnerability? I haven't seen any press releases or specifically naming BrightSign. Any insight would be appreciated.
Date
Votes
3 comments
-
Brandon Official comment The answer is No unless
- You have additional resources around your BrightSIgn solution that are subject to the vulnerability
- You or your developer has specifically requested, installed, and implemented a solution around the JRE firmware extension.
This is extremely uncommon and requires deliberate work to implement, it's not just a setting change or even offered via an automated means.
Please see this link for more information:
https://brightsign.atlassian.net/wiki/spaces/DOC/pages/370679198/Security+Statement+Log4J+Meltdown+and+Spectre+Vulnerabilities#SecurityStatement%3ALog4J%2CMeltdownandSpectreVulnerabilities-JavaApacheLog4j_________________________________________________________________________
Friendly reminder, the community forum is intended for user-to-user discussion. It is not regularly monitored. For troubleshooting problems and to ensure a timely answer from a BrightSign representative, please submit a support ticket -
Allen H. Porter I believe the answer is no unless you develop an external app that is accessed by the players that has the vulnerability.
-
Brandon As Allen has pointed out, if you have implemented additional supporting systems, web servers, applications, etc, then those may be affected but that's outside of the BrightSign domain.
_________________________________________________________________________
Friendly reminder, the community forum is intended for user-to-user discussion. It is not regularly monitored. For troubleshooting problems and to ensure a timely answer from a BrightSign representative, please submit a support ticket
Please sign in to leave a comment.