IT Security Search does not use Apache Log4j, therefore is not affected by CVE-2021-44228
Log4j's use within ITSS is extremely limited:
1. Used by Elastic Search for basic logging
2. The logging is only console and file output
3. At absolutely no point do we, or have we ever used a JMSAppender
The instance of log4j currently shipped is out of support and has CVEs logged against it. In the next release (11.5) it will be eliminated entirely. There is currently no ETA for the 11.5 release.
© ALL RIGHTS RESERVED. Feedback Términos de uso Privacidad Cookie Preference Center