Who does this affect?
This article applies to users running Portfolio 3.6.3 and 4.0.
Why is this happening?
On December 10, 2021 researchers reported CVE-2021-44228, detailing an exploit in the Log4j library that allowed a malicious user to run code on an affected system. Portfolio uses an affected version of Log4j.
Is there a solution?
Yes. Portfolio versions 3.6.3 and 4.0 need to update to the latest version of Portfolio 4.0.1 can be found on our Installers page here:
https://www.extensis.com/support/portfolio-4/
If you have questions or require more assistance, please submit a support request.