Implications on the Recent Apache Log4j Vulnerability

Penny and Spencer are not affected by the Apache Log4j vulnerability

A high severity vulnerability, (CVE- 2021-44228), impacting multiple versions of Apache Log4j utility, was disclosed publicly on December 9, 2021. The vulnerability impacts Apache Log4j 2 versions- 2.0 to 2.14.1. You can find the details of this vulnerability documented here: https://logging.apache.org/log4j/2.x/security.html 

Neither Penny nor Spencer access this module and as a result, there are no patches required.  

If you have third party solutions that you are unsure, we do recommend you check out vendor sites to ensure they have no use of the module or they have installed a patch. 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.