Vulnerabilities are in the forefront of everyone's thoughts today. Almost daily, some form of vulnerability is found. meshIQ is very aware of this and tracks vulnerabilities in our products and in 3rd party products we incorporate. In most cases, these vulnerabilities are benign in our products because the required conditions for the exposure are not present. Our products ship periodic updates and we incorporate the latest versions of any component as soon as possible. In most cases the required updates are compatible and can be made quickly (example commons-text CVE-2022-42889) but occasionally they require significant changes and require next releases (example log4j CVE-2021-44228).
On occasion, a security scan may find a vulnerability in our code. This are handled by our standard support policy and are classified in the same way as any product failure. As with any defect, we will provide a circumvention and fixes to address.