Tech Bulletin

December 14 2021

Due to a recently discovered cybersecurity vulnerability in the Log4j Java library, IPRO Information Governance (formerly NetGovern) 6.4 & 6.5 requires a critical product update.

The vulnerability was found in Log4J, an open-source logging library used by apps and services within the IPRO Information Governance 6.4 & 6.5 product and affects crawling and indexing. The software now requires the update outlined below based on Server type.

The vulnerability is only accessible once logged in or through direct LAN access to the indexing server. However, once this is obtained, the individual can elevate their rights and obtain full administrative rights on the local server and continue to exploit other areas.

For all customers on IPRO Cloud, our team will apply the updates tonight (December 14, 2021) during an urgent maintenance window. Please subscribe to for additional communication.

For all customers On-Premises, the update will require a momentary downtime. Please follow the instructions below or contact Support for assistance—

These changes will also be rolled into the next minor release.

Please refer to this article for further information about the vulnerability.