Back to Blog

Apache Log4j2 vulnerability CVE-2021-44228

David Tran
Divider

Log4j in Myst

A critical security vulnerability has been identified in the 'Apache Log4j 2' library. This vulnerability is identified as CVE-2021-44228.

Myst is unaffected as we are using log4j1 whereas the vulnerability CVE-2021-44228 impacts log4j2. Therefore, no immediate action to Myst is required by Myst Software customers regarding this issue.

We are currently upgrading Myst to use the latest version of log4j2 to avoid any other issues. Once available, a standard Myst upgrade will suffice.

Further updates will come through our website and the Myst Slack Community.

Log4j in Third Party Tools

For other third party tools generally integrated with Myst (but not managed by Myst Software) here are some helpful links.

Oracle

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=84470113547007&id=2827611.1&_afrWindowMode=0&_adf.ctrl-state=od5orescb_53

Jenkins

https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/

JFrog Artifactory

https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/

Photo by Jon Moore on Unsplash

Share on social media: 
Divider

More from our Blog

Automated In-place Upgrade for Oracle Fusion Middleware

Introducing our automated in-place upgrade path for Oracle Fusion Middleware. Discover Configuration > Update Model and Java > Execute In-place Upgrade > Perform Validations

Read Story

Myst Studio 6.7.7

JMS Time-to-Live-Override is now updated correctly

Read Story

Myst Studio 7.0.0-rc12

Fixed a liquibase regression in 7.0.0-rc11

Read Story

Connect with the myst community on our slack channel.

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa.
We will never share your email address with third parties.
Join Community
Divider