Apache Log4j Vulnerability

Information about the Apache Log4j vulnerability and its non-impact on OpenMethods.

Last published on: January 21st, 2022

Summary

On December 9, 2021, the following vulnerability in the Apache Log4j Java logging library affecting all Log4j versions prior to 2.15.0 was disclosed:


  • CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI-related endpoints.



No Impact To OpenMethods 

The OpenMethods product **does not utilize Apache Log4j** and therefore has no risk or impact from the current vulnerability. Clients do not need to upgrade any of their current OpenMethods products. 


Recommendations From OpenMethods:

Although the vulnerability does not impact our products, OpenMethods recommends upgrading to the latest Apache Log4j version or applying a fix for the current security risk.




For a description of this vulnerability and resolution, see the "Fixed in Log4j 2.15.0" section of the Apache Log4j Security Vulnerabilities page.