Graylog Announcements Nov 2021

dscryber · November 4, 2021, 7:38pm

GRAYLOG UPDATE FOR LOG4J

A zero-day vulnerability impacting version 2.0 <= 2.14.1 of the Apache Log4j 2 package was disclosed to the public on December 9.

Graylog uses the Log4j 2 Java library to record its own log information. Versions of this library earlier than 2.15.0 are vulnerable to a remote code execution attack, specifically when specially crafted values sent as user input will be logged by Graylog. For more details on the vulnerability, please refer to the CVE.

gsmith · November 5, 2021, 1:11am

Congrats Van Souza! way to pull that “W”

system · March 22, 2022, 12:48pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Log4j Vulnerability CVE-2021-44228 Graylog Central (peer support)	7	5124	December 27, 2021
Question about Log4j Vulnerability CVE-2021-44228 Graylog Central (peer support)	19	4223	January 5, 2022
Graylog.jar version low Graylog Central (peer support)	4	461	February 22, 2022
Dom4J Vulnerability Graylog Central (peer support)	2	606	March 4, 2019
Announcing Graylog v4.1.2 Updates and Upcoming Events	8	623	November 2, 2021

Graylog Announcements Nov 2021

GRAYLOG UPDATE FOR LOG4J

Related topics