Background
A critical vulnerability known as "Log4Shell" has been found in the Log4j Java library. Details can be found here. A subsequent vulnerability has also been discovered, as documented here.
Mitigation
The Log4Shell and related vulnerabilities apply only to Log4j v2 and above. Within Redstor's systems, they affected only an internal component of the backend Data Management Platform, which is not publicly exposed to the Internet. This has already been mitigated by upgrading to Log4j v2.17.0.
Log4j is also used on the SE and ESE agents, but these utilise versions that are not affected by Log4Shell. Details can be found here.
Note: Other Redstor software, including the AccountServer and StorageServer, is not written in Java so does not use Log4j, and therefore does not require mitigation.