Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Updated: 6th of January 2022


Friday, 10 December 2021, our OWASP-scan alerted us to a vulnerability in Log4J, a commonly used open-source library for java applications.

Analysis Delft-FEWS components and Log4Shell vulnerability CVE-2021-44228.

Worldwide, many java-based applications suffer from the Log4Shell vulnerability CVE-2021-44228. This is caused by a vulnerability in a log4j2 library. The log4j-core-2.11.1.jar is also shipped with the Delft-FEWS software in the 2018.02 - 2021.02 releases. Our users are right in demanding clarity of Deltares whether Delft-FEWS is impacted.  Here is our summary of our analysis on the Delft-FEWS software.