Solace Issue Notification: SOL-61111 CVE-2021-44228 & CVE-2021-45046 Apache Log4j JNDI Vulnerability

marc
marc Member, Administrator, Moderator, Employee Posts: 959 admin

Sharing the latest product notification for those that aren't subscribed to the emails. Sorry for the screenshots, I couldn't find an easy way to nicely format the table with so much text quickly in markdown.

Solace Reference: SOL-61111
Summary: Solace is aware of the Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046 and is working to release fixes for all exposed products.

Solace has reviewed our full product portfolio and confirmed only the products listed below are exposed:


While only the above listed products are exposed to these vulnerabilities, we want to explicitly confirm that Solace brokers (appliances, software brokers, and Solace Cloud) and APIs (C, .NET, JCSMP, JMS, JavaRTO, Java, OpenMAMA, JavaScript, and Python) are not exposed. Note that while the APIs themselves are not exposed samples for some of the Java APIs include example Log4j configuration and applications using these APIs may have elected to use Log4j for logging.

If you have questions about this notification please contact Solace at support@solace.com.

This discussion has been closed.