Apache Log4j Vulnerability

Information about the Apache Log4j Vulnerability and its non-impact to OpenMethods.

Last published on: January 21st, 2022


On December 9, 2021, the following vulnerability in the Apache Log4j Java logging library affecting all Log4j versions prior to 2.15.0 was disclosed:

  • CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI-related endpoints.

No Impact To OpenMethods 

The OpenMethods product **does not utilize Apache Log4j** and therefore has no risk or impact from the current vulnerability. Clients do not need to upgrade any of their current OpenMethods products. 

Recommendations From OpenMethods:

Although the vulnerability does not impact our products, OpenMethods recommends upgrading to the latest Apache Log4j version or applying a fix to the current security risk.



For a description of this vulnerability and resolution, see the [Fixed in Log4j 2.15.0 section of the Apache Log4j Security Vulnerabilities page.