Critical Vulnerability Identified with Log4j has been Addressed

On December 9, 2021, a very serious vulnerability in the popular Java-based logging package Log4j was disclosed.

This vulnerability allows an attacker to execute code on a remote server, a so-called Remote Code Execution (RCE). Because Java and Log4j are so widely used, this is likely one of the most serious vulnerabilities on the Internet since Heartbleed and ShellShock.

It is tracked as CVE-2021-44228 and affects Log4j version 2, from version 2.0-beta-9 through 2.14.1. It is patched in 2.15.0.

[UPDATE] An additional vulnerability was found in Log4j version 2.15. It is now patched in 2.16.
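To see which Log4j build a Java installation actually ships, the version ranges above can be applied to the `log4j-core` jar names found on disk and inside application archives. This is an added example, not Y Soft's or the Log4j project's code; the status labels and the list of archive extensions are assumptions of the example.

```python
import re
import sys
import zipfile
from pathlib import Path

# Matches e.g. log4j-core-2.14.1.jar, log4j-core-2.0-beta9.jar, also as an archive entry path.
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)-?(\d+))?\.jar$")
ARCHIVES = {".jar", ".war", ".ear", ".zip"}  # assumption: containers worth opening


def classify(name):
    """Map a log4j-core jar name to a status label (labels are this example's own)."""
    m = JAR_RE.search(name)
    if not m:
        return None
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    pre, pre_n = m[4], int(m[5] or 0)
    if major != 2:
        return "outside-range"
    if (minor, patch) == (0, 0) and pre:
        # 2.0 pre-releases: the range starts at beta 9; rc builds came after the betas.
        in_range = pre == "rc" or (pre == "beta" and pre_n >= 9)
        return "affected" if in_range else "outside-range"
    if (minor, patch) <= (14, 1):
        return "affected"        # CVE-2021-44228 range as stated on this page
    if minor == 15:
        return "needs-2.16"      # fixed for CVE-2021-44228, hit by the follow-up issue
    return "patched"             # 2.16 or later, per this page


def scan(root):
    """Return sorted (location, status) pairs for jars on disk and one level inside archives."""
    found = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in ARCHIVES:
            continue
        status = classify(path.name)
        if status:
            found.append((str(path), status))
            continue
        try:
            with zipfile.ZipFile(path) as zf:
                found += [(f"{path}!{e}", classify(e)) for e in zf.namelist() if classify(e)]
        except (zipfile.BadZipFile, OSError):
            pass  # unreadable or not really an archive
    return sorted(found)


if __name__ == "__main__":
    for location, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:14} {location}")
```

Matching is by file name only, so a copy of Log4j that has been renamed or repackaged into another jar's classes will not be reported.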

 

Y Soft's SAFEQ Cloud

SAFEQ Cloud uses Java-based software and Log4j version 2.

As soon as this vulnerability was discovered and the patched version 2.15 was available, we implemented it in SAFEQ Cloud. We are happy to report that it is already included in the live production release of SAFEQ Cloud version 3.18.2, which was released on Saturday, December 11, 2021.

We strongly recommend that customers who have SAFEQ Cloud secondary gateways or run SAFEQ Cloud in private clouds update their SAFEQ Cloud installations as soon as possible.

Secondary SAFEQ Cloud gateways can be upgraded remotely from within the admin Web UI, on the Servers screen under the customer account. More information on updating secondary gateways can be found in section 5.20.1, Remote Update of Secondary Gateways, of the documentation.

Customers using a private cloud installation can do a simple over-the-top upgrade. More information can be found in section 4.6, Update a server, of the documentation.

[UPDATE] SAFEQ Cloud 3.18 has been upgraded to Log4j version 2.16. Although the vulnerability identified does not affect SAFEQ Cloud, our team wants to ensure SAFEQ Cloud is up to date with the latest security enhancements for the Log4j library. We advise all our partners with SAFEQ Cloud secondary gateways and SAFEQ Cloud private clouds to upgrade to HCP 3.18.3.

 
