Posting this here for guidance or advice on how to mitigate the log4j vulnerability (CVE-2021-44228) that looks to be present in nxlog. Will an update be done or are there other mitigations that can be placed in the meantime? Configuration changes?
Found here in the nxlog documentation --> https://nxlog.co/documentation/nxlog-user-guide-full#nxlog_manager_config_logger
Hello,
We have posted in the News & Blog section regarding this recent vulnerability.
https://nxlog.co/news/apache-log4j-vulnerability-cve-2021-44228
The short story is that our only product to use Log4J is NXLog Manager, though it is not impacted.
Thank you!
It is not impacted by CVE-2021-44228, that is correct... But, damn. Your weekend might be saved, but you should probably still look at that dependency.
This sums it up pretty well: https://twitter.com/cyb3rops/status/1470813159539814408
https://logging.apache.org/log4j/1.2/
Comments (4)
Hi NxLog Team,
It will be great if you can respond to this.
NXLog team, can you please comment on this?
Dear NxLog Team,
Is there any information available yet?
FYI
This is the Issue created in NxLog-Community Edition repository in Gitlab
https://gitlab.com/nxlog-public/nxlog-ce/-/issues/18It was closed stating
The NXLog Community Edition does not use log4j.