Forum Discussion

sth2ot's avatar
sth2ot
Regular Visitor
3 years ago

log4j security vulnerability

Hello SmartBear, is the Collaborator affected by the log4j security vulnerability issue? If so, are we getting a hotfix?

  • SmartBear is aware of the recently disclosed security issue affecting the open-source Apache “Log4j2” utility (CVE-2021-44228). The Security team is actively working to mitigate our exposure and continue to provide enhanced monitoring of our platforms to safeguard information. Resources potentially affected by this vulnerability have been identified and our Information Technology and Information Security teams are working closely together to remediate any potential exposure in our platforms and environment.

     

    Please check https://smartbear.com/security/cve-2021-44228/ for further updates.

  • boucherm's avatar
    boucherm
    Regular Visitor

    I received a response from the Smartbear support team.

    Collaborator is not affected by CVE-2021-44228 for the following reasons:
    - Collaborator doesn't run Apache Log4j2 at all. Collaborator still uses the first major version of Log4j (namely 1.2.17).
    - Due to the version incompatibility, Collaborator never contained the functionality covered by CVE-2021-44228.
    - The Log4j configuration of Collaborator never used the remote logging features of Log4j.

     

  • D0UG's avatar
    D0UG
    Community Manager

    SmartBear is aware of the recently disclosed security issue affecting the open-source Apache “Log4j2” utility (CVE-2021-44228). The Security team is actively working to mitigate our exposure and continue to provide enhanced monitoring of our platforms to safeguard information. Resources potentially affected by this vulnerability have been identified and our Information Technology and Information Security teams are working closely together to remediate any potential exposure in our platforms and environment.

     

    Please check https://smartbear.com/security/cve-2021-44228/ for further updates.