In order to ensure the highest levels of security for our users, both Open-E JovianDSS and Open-E DSS V7 have been checked against possible vulnerabilities related to the Log4Shell exploit. After conducting multiple tests, we can now state that our products’ core systems don’t use the affected Java library, but one of the 3rd party management tools (which are run only if the related hardware is installed on the server) has been affected.  

Our tests revealed as follows:

• The MaxView Storage Manager tool utilizes the Apache Log4j library and is affected by the exploit. 

• The MegaRAID Storage Manager (MSM) utilizes the Apache Log4j library but none of our tests showed any indication of the library being affected by the exploit.

In order to minimize the risk, please ensure that your data storage setup is not connected to the Internet or is behind of a firewall. 

Open-E safety measures:

• Open-E will release updates to Open-E JovianDSS and Open-E DSS V7 to disable the MaxView Storage Manager tool to help our customers protect their infrastructure as soon as possible. 

• After that, Open-E will release an update for MaxView Storage Manager containing a security patch (more testing needed to ensure no further issues or compatibility problems). 

More information about the updates will be sent in separate emails.