[NOT VULNERABLE] - Log4j Remote Code Execution CVE 201-44228 #1381
Labels
Security
Items related to security (authentication / authorization)
Comments
MarkAckert
added
the
Security
MarkAckert
changed the title
MarkAckert
changed the title
|
Closing the issue as the topic and the information was published and at the moment doesn't seem to have any more relevance. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
Topline Summary:
Zowe distributions are not affected by this vulnerability.
One unpublished incubator project used the vulnerable library and has been patched.
Details
A recent remote code execution exploit was discovered in the popular Log4j library. See here for more information: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
The Zowe community reviewed our usage of log4j, and confirmed we do not use the vulnerable libraries in any of our distributions of Zowe.
We did find one instance of the vulnerable library in a Zowe incubator project, the Zowe Java Client SDK, which is now using a newer version of the library. This incubator project is not built or shipped as part of any Zowe distribution. If you are using this incubator project, you are advised to pull/merge the most recent commits.
This issue will be updated if any new information comes in.
The text was updated successfully, but these errors were encountered: