IT Security Search does not use Apache Log4j, therefore is not affected by CVE-2021-44228
Log4j's use within ITSS is extremely limited:
1. Used by Elastic Search for basic logging
2. The logging is only console and file output
3. At absolutely no point do we, or have we ever used a JMSAppender
The instance of log4j currently shipped is out of support and has CVEs logged against it. This was eliminated in the 11.5 release onwards.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center