
Mail & Deploy is NOT impacted by Apache Log4j Vulnerability (CVE-2021-44228)

Apache Log4j Vulnerability report

We are aware of the vulnerability and have completed verification that this issue DOES NOT affect Mail & Deploy software or services. 

A newly revealed vulnerability impacting Apache Log4j 2 versions 2.0 to 2.14.1 was disclosed on GitHub on 9 December 2021 and registered as CVE-2021-44228 with the highest severity rating. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. By exploiting this vulnerability, a remote attacker could take control of the affected system.

For those who are concerned about closing third-party vulnerabilities (i.e., products aside from Mail & Deploy), the following are some proactive measures organizations can take to reduce the risk posed by CVE-2021-44228:

  • Upgrade to Apache log4j-2.1.50.rc2, as all prior 2.x versions are vulnerable
  • For Log4j version 2.10.0 or later, block JNDI from making requests to untrusted servers by setting the configuration value log4j2.formatMsgNoLookups to “TRUE” to prevent LDAP and other queries
  • Default both com.sun.jndi.rmi.object.trustURLCodebase and com.sun.jndi.cosnaming.object.trustURLCodebase to “FALSE” to prevent Remote Code Execution attacks in Java 8u121
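As an added example (not part of the original advisory and not Mail & Deploy code), the following Python sketch compares a JVM command line with the measures listed above. It assumes the properties are passed as `-D` flags and that the `log4j-core` jar name appears on the command line; the function names and sample command lines are constructed for illustration.

```python
import re
import shlex

# System properties named in the advisory, with the value it recommends.
RECOMMENDED = {
    "log4j2.formatMsgNoLookups": "true",
    "com.sun.jndi.rmi.object.trustURLCodebase": "false",
    "com.sun.jndi.cosnaming.object.trustURLCodebase": "false",
}
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?")


def jar_version(cmdline):
    """(major, minor, patch) of the first log4j-core jar named, or None."""
    m = JAR_RE.search(cmdline)
    return tuple(int(g or 0) for g in m.groups()) if m else None


def audit(cmdline):
    """Compare one JVM command line with the advisory's measures."""
    props = {}
    for tok in shlex.split(cmdline):
        if tok.startswith("-D"):
            key, _, value = tok[2:].partition("=")
            props[key] = value.strip().lower()
    version = jar_version(cmdline)
    # Affected range as stated in the advisory: 2.0 through 2.14.1.
    affected = version is not None and (2, 0, 0) <= version <= (2, 14, 1)
    flags = {}
    for key, want in RECOMMENDED.items():
        if key == "log4j2.formatMsgNoLookups" and version and version < (2, 10, 0):
            flags[key] = "n/a"      # advisory scopes this setting to 2.10.0+
        elif key not in props:
            flags[key] = "missing"  # not set explicitly on this command line
        else:
            flags[key] = "ok" if props[key] == want else "wrong"
    return {"version": version, "affected": affected, "flags": flags}


# Constructed sample command lines (not taken from any real host).
SAMPLES = [
    "java -Dlog4j2.formatMsgNoLookups=true "
    "-cp /opt/app/lib/log4j-core-2.14.1.jar:/opt/app/app.jar com.example.Main",
    "java -Dcom.sun.jndi.rmi.object.trustURLCodebase=true "
    "-cp lib/log4j-core-2.8.2.jar com.example.Main",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(audit(line))
```

A result of `missing` only means the flag was not found on the command line; the value may still be set in a configuration file or come from the JDK default.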

Should you have any further questions or queries, please contact us via support@mail-and-deploy.com
