Graylog Announcements Nov 2021


A zero-day vulnerability impacting version 2.0 <= 2.14.1 of the Apache Log4j 2 package was disclosed to the public on December 9.

Graylog uses the Log4j 2 Java library to record its own log information. Versions of this library earlier than 2.15.0 are vulnerable to a remote code execution attack, specifically when specially crafted values sent as user input will be logged by Graylog. For more details on the vulnerability, please refer to the CVE.

Congrats Van Souza! way to pull that “W” :smiley:

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.