CVE-2021-44228 log4j impact regarding InfluxData products #22985
-
CVE-2021-44228 log4j impact regarding InfluxData productsThe This includes all versions of:
|
Beta Was this translation helpful? Give feedback.
Replies: 5 comments 3 replies
-
Please note that the engineering team treated this as very high priority, and ruled out that we were using the affected library in publicly available projects. We believe that the following projects are wholly unaffected:
There were some places where our internal tooling used the impacted library. These places were not particularly vulnerable, as they were not accessible to the public internet. Nonetheless, they were either patched or the issue mitigated immediately. I believe that there are currently no signs that this exploit has impacted InfluxDB or InfluxData. |
Beta Was this translation helpful? Give feedback.
-
The https://github.com/influxdata/telegraf-operator/ project references
See elastic/helm-charts#1463 for details. A fix planned for |
Beta Was this translation helpful? Give feedback.
-
Another issue, CVE-2021-45046, was discovered in log4j 2. Like CVE-2021-44228, this only affected internal tooling which has either been patched or the issue was mitigated. |
Beta Was this translation helpful? Give feedback.
-
Shall I just have the blog post updated to cover both CVEs? |
Beta Was this translation helpful? Give feedback.
Our official blog post is here.