On December 9, 2021, the following vulnerability in the Apache Log4j Java logging library affecting all Log4j versions prior to 2.15.0 was disclosed:
- CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI-related endpoints.
No Impact To OpenMethods
The OpenMethods product **does not utilize Apache Log4j** and therefore has no risk or impact from the current vulnerability. Clients do not need to upgrade any of their current OpenMethods products.
Recommendations From OpenMethods:
Although the vulnerability does not impact our products, OpenMethods recommends upgrading to the latest Apache Log4j version or applying a fix to the current security risk.