Apache Log4j2 vulnerability CVE-2021-44228

Log4j in Myst

A critical security vulnerability has been identified in the 'Apache Log4j 2' library. This vulnerability is identified as CVE-2021-44228.

‍

Myst is unaffected as we are using log4j1 whereas the vulnerability CVE-2021-44228 impacts log4j2. Therefore, no immediate action to Myst is required by Myst Software customers regarding this issue.

‍

We are currently upgrading Myst to use the latest version of log4j2 to avoid any other issues. Once available, a standard Myst upgrade will suffice.

‍

Further updates will come through our website and the Myst Slack Community.

‍

Log4j in Third Party Tools

For other third party tools generally integrated with Myst (but not managed by Myst Software) here are some helpful links.

‍

Oracle

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=84470113547007&id=2827611.1&_afrWindowMode=0&_adf.ctrl-state=od5orescb_53

‍

Jenkins

https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/

‍

JFrog Artifactory

https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/

‍

Photo by Jon Moore on Unsplash

‍