Log4J2 Vulnerability and inspectIT Ocelot #1252
mariusoe
announced in
Announcement
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
As you may have seen in the news, a new zero-day exploit has been reported against the popular Log4J2 library which can allow an attacker to remotely execute code. The vulnerability has been reported with CVE-2021-44228 against the
log4j-corejar and has been fixed in Log4J v2.15.0.The inspectIT Ocelot Java Agent as well as its auxiliary components (e.g. the configuration or EUM server) are not affected by this vulnerability. The agent uses Logback as logging backend instead of Log4J2. The mentioned auxiliary components also used the logging framework Logback, which is used by Spring Boot (the underlying framework on which they are based) by default.
Beta Was this translation helpful? Give feedback.
All reactions