Back to Blog

Apache Log4j2 vulnerability CVE-2021-44228

David Tran

Log4j in Myst

A critical security vulnerability has been identified in the 'Apache Log4j 2' library. This vulnerability is identified as CVE-2021-44228.

Myst is unaffected as we are using log4j1 whereas the vulnerability CVE-2021-44228 impacts log4j2. Therefore, no immediate action to Myst is required by Myst Software customers regarding this issue.

We are currently upgrading Myst to use the latest version of log4j2 to avoid any other issues. Once available, a standard Myst upgrade will suffice.

Further updates will come through our website and the Myst Slack Community.

Log4j in Third Party Tools

For other third party tools generally integrated with Myst (but not managed by Myst Software) here are some helpful links.

Oracle

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=84470113547007&id=2827611.1&_afrWindowMode=0&_adf.ctrl-state=od5orescb_53

Jenkins

https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/

JFrog Artifactory

https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/

Photo by Jon Moore on Unsplash

Share on social media: 

More from our Blog

Myst Studio 6.7.3

Fixed logic of Myst sql scripts missing WLSDSTORE for 19c+ databases. Thanks Mats & Ivan!

Read Story

Myst Studio 7.0.0-rc8

Minor improvements and a number of regression fixes.

Read Story

Myst Studio 7.0.0-rc7

Improved jsch library security and fixed a bug with 10+ compute nodes

Read Story

Connect with the myst community on our slack channel.

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa.
We will never share your email address with third parties.
Join Community