Apache Log4j 2 is a popular Java logging library. During December 2021, Apache released new versions to address several vulnerabilities.
What Elastx is doing
The security flaws did not affect any components in the Elastx platform offerings.
An internal support system for operational monitoring was affected and was patched on the 10th (CVE-2021-44228), 17th (CVE-2021-45046) and 20th (CVE-2021-45105) of December. This system is not exposed outside of our internal network, and we have no indications that it has been compromised.
What our customers should do
If you are using Apache Log4j 2, we recommend that you follow the guidelines provided by the following sources:
https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance (English)
https://www.cert.se/2021/12/uppdatering-om-det-allvarliga-laget-gallande-sarbarheten-i-log4j (Swedish)