Graylog Announcements Nov 2021

dscryber · November 4, 2021, 7:38pm

GRAYLOG UPDATE FOR LOG4J

A zero-day vulnerability impacting version 2.0 <= 2.14.1 of the Apache Log4j 2 package was disclosed to the public on December 9.

Graylog uses the Log4j 2 Java library to record its own log information. Versions of this library earlier than 2.15.0 are vulnerable to a remote code execution attack, specifically when specially crafted values sent as user input will be logged by Graylog. For more details on the vulnerability, please refer to the CVE.

gsmith · November 5, 2021, 1:11am

Congrats Van Souza! way to pull that “W”

system · March 22, 2022, 12:48pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog.jar version low Graylog Central (peer support)	4	414	February 22, 2022
Dom4J Vulnerability Graylog Central (peer support)	2	567	March 4, 2019
Announcing Graylog v4.1.2 Updates and Upcoming Events	8	586	November 2, 2021
Could we have Graylog 3.3.17 with log4j 2.17? Graylog Central (peer support)	3	552	February 14, 2022
Announcing Graylog v4.2 Release Candidate Updates and Upcoming Events	4	846	January 5, 2022

Graylog Announcements Nov 2021

GRAYLOG UPDATE FOR LOG4J

Related Topics