Ask a Question

Is Alertsite affected by the Log4J vulnerability?

SOLVED

Is Alertsite affected by the Log4J vulnerability?

Hi 
I would like to know if Alertsite application is affected by the Log4J vulnerability issue and if it is has a patch has been release ?

 

Thanks in advance

 

Frank

1 ACCEPTED SOLUTION

Accepted Solutions
sonya_m
Community Manager

Re: Is Alertsite affected by the Log4J vulnerability?

Hi @SPATIALinfo_Pty_1 ,

 

The Apache Log4j2 Remote Code Execution (RCE) Vulnerabilities - CVE-2021-44228 and CVE-2021-45046 have been mitigated or remediated on SmartBear-managed cloud products. If you are on an on-premise version or a customized version, please reach out to our support team at https://support.smartbear.com for further information.

 

Apache recently announced that the fix to address CVE-2021-44228 (upgrading Log4j to at least version 2.15.0) is not complete if non-default or custom configurations are used. SmartBear products remain unaffected with this new information. SmartBear does not use the non-default configurations and the residual risk is low in using the 2.15.0 version of Log4j.

 

Many SmartBear products are already using Log4j 2.16.0. Out of an abundance of caution, SmartBear products not already using 2.16 will update to this version during the next available release.


Sonya Mihaljova
Community and Education Specialist

View solution in original post

1 REPLY 1
sonya_m
Community Manager

Re: Is Alertsite affected by the Log4J vulnerability?

Hi @SPATIALinfo_Pty_1 ,

 

The Apache Log4j2 Remote Code Execution (RCE) Vulnerabilities - CVE-2021-44228 and CVE-2021-45046 have been mitigated or remediated on SmartBear-managed cloud products. If you are on an on-premise version or a customized version, please reach out to our support team at https://support.smartbear.com for further information.

 

Apache recently announced that the fix to address CVE-2021-44228 (upgrading Log4j to at least version 2.15.0) is not complete if non-default or custom configurations are used. SmartBear products remain unaffected with this new information. SmartBear does not use the non-default configurations and the residual risk is low in using the 2.15.0 version of Log4j.

 

Many SmartBear products are already using Log4j 2.16.0. Out of an abundance of caution, SmartBear products not already using 2.16 will update to this version during the next available release.


Sonya Mihaljova
Community and Education Specialist

View solution in original post

cancel
Showing results for 
Search instead for 
Did you mean: