Chat now with support
Chat with Support
Self Service Tools
Knowledge Base
My Account
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Support Essentials
Awards and Testimonials
Getting Started
License Agreement
Support Guide

Foglight Product Notification

Critical Alerts

On December 9, many of us were made aware of a vulnerability associated with the Apache log4j utility. Foglight for Databases and Foglight Evolve 6.0.0 are affected as described below.

Log4j is a common open source logging utility, and Foglight prior to version 6.0.0 does not use the affected version of log4j.  

How does this affect me?

If you have deployed Foglight 6.0.0 with any of these cartridges, a fix is being tested that is expected to be available soon:

  • Foglight Database cartridges:  DB2, Oracle, Azure, SQLServer, Sybase, MySQL PI 
  • Foglight Evolve cartridges: AD, Exchange, and Office365 


The fix is being tested now as top priority in R&D/QA to upgrade those affected cartridges to use the latest version of log4j v2 which is not affected. Please note that any Foglight release prior to version 6.0.0 is not affected.

If you would like to continue to use Foglight 6.0.0 before the fix is available, please apply the workaround detailed in Knowledgebase article 335908 that removes the vulnerabilities from all Foglight 6.0.0 components, including the Foglight Management Server, Foglight Agent Manager, and all cartridges


Foglight Evolve and Foglight for Databases installers will be reposted. Once the fix is available we will send out an update notification.

Please know that the product team, R&D, and the Quest security team are doing all we can to assess and address vulnerabilities associated with the Apache log utility log4j. There is no higher priority at this time. 

If you need assistance after attempting the items above, contact Quest Technical Support.

We hope this answers your questions about this issue. If you have any additional questions, please reach out to Tim Fritz, Foglight product manager, at