🎄 Happy Holidays! 🥳
Most of Solace is closed December 24–January 1 so our employees can spend time with their families. We will re-open Thursday, January 2, 2024. Please expect slower response times during this period and open a support ticket for anything needing immediate assistance.
Happy Holidays!
Please note: most of Solace is closed December 25–January 2, and will re-open Tuesday, January 3, 2023.
Solace Issue Notification: SOL-61111 CVE-2021-44228 & CVE-2021-45046 Apache Log4j JNDI Vulnerability
Sharing the latest product notification for those that aren't subscribed to the emails. Sorry for the screenshots, I couldn't find an easy way to nicely format the table with so much text quickly in markdown.
Solace Reference: SOL-61111
Summary: Solace is aware of the Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046 and is working to release fixes for all exposed products.
Solace has reviewed our full product portfolio and confirmed only the products listed below are exposed:
While only the above listed products are exposed to these vulnerabilities, we want to explicitly confirm that Solace brokers (appliances, software brokers, and Solace Cloud) and APIs (C, .NET, JCSMP, JMS, JavaRTO, Java, OpenMAMA, JavaScript, and Python) are not exposed. Note that while the APIs themselves are not exposed samples for some of the Java APIs include example Log4j configuration and applications using these APIs may have elected to use Log4j for logging.
If you have questions about this notification please contact Solace at support@solace.com.