6
responses

Posting this here for guidance or advice on how to mitigate the log4j vulnerability (CVE-2021-44228) that looks to be present in nxlog. Will an update be done or are there other mitigations that can be placed in the meantime? Configuration changes?

Found here in the nxlog documentation --> https://nxlog.co/documentation/nxlog-user-guide-full#nxlog_manager_config_logger

AskedDecember 10, 2021 - 9:31pm

Comments (4)

  • Atul's picture

    FYI

    This is the Issue created in NxLog-Community Edition repository in Gitlab https://gitlab.com/nxlog-public/nxlog-ce/-/issues/18

    It was closed stating The NXLog Community Edition does not use log4j.

Answer (1)

Hello,

We have posted in the News & Blog section regarding this recent vulnerability.
https://nxlog.co/news/apache-log4j-vulnerability-cve-2021-44228

The short story is that our only product to use Log4J is NXLog Manager, though it is not impacted.

Thank you!

Comments (1)