Regarding vulnerability CVE-2021-44228 in the Apache Log4j Java library.
The TimeXtender software is developed using .NET Framework and does not utilize Java runtime or it's associated libraries, such as Log4j. Therefore, TimeXtender is not affected by the Log4j vulnerability.
CData has also confirmed that their ADO.NET providers are not affected by the Apache Log4j vulnerability.
However, technologies you may use in association with a TimeXtender solution may be using Java runtime. Examples of these technologies are:
- Some OleDB Providers
- Some ODBC Providers
- or Some Custom Data Sources
The custom components Custom-Components-Setup is not affected by this either.
You will have to contact the vendors of any of the above 3rd party providers to confirm if they are using Apache Log4j.
One known example of associated technology using Java runtime is the Microsoft Azure Data Factory Self-hosted integration runtime which may be used with some ODX Azure Data Factory data sources. If you are using a Self-hosted integration runtime, be sure to update your Java runtime environment to the latest version to apply any necessary security patches.
Here is a response about this from Microsoft Info about self-hosted integration runtime (IR)