Neverfail Official Statement On Apache Log4j Vulnerability (CVE-2021-44228)

Neverfail Official Statement On Apache Log4j Vulnerability (CVE-2021-44228)

Summary

This Knowledgebase provides information regarding the Apache Log4j security vulnerability (CVE-2021-44228). UPDATED March, 21 2022

More Information

It has come to Neverfail’s attention that a vulnerability classified under the highest severity mark of 10 has affected Apache Log4j v2. Neverfail is aware of this vulnerability. This is an open source Java library that is used by many software providers around the world.

Neverfail Continuity Engine has recently released a new version (v9 UPDATE 3) which fully addresses concerns over Apache Log4j. The current version of Continuity Engine now uses the latest version (2.17) of Apache Log4j APIs.  Continuity Engine in previous (legacy) versions ONLY used Log4j to write out its own system logs. This is why Neverfail found the risk to be very low. Although Continuity Engine does not use components that exhibit the vulnerabilities that we have seen when certain Log4j APIs are used, Continuity Engine was using the older version 1 of the APIs that are no longer supported.  

Therefore in December 2021, Neverfail made a decision to update Continuity Engine to the latest version of Log4j so there was no "perception" of vulnerability and it will use supported APIs where the (CVE-2021-44228) vulnerabilities have been remediated.

For more information on how to upgrade to version 9 UPDATE 3, please see the following links:

For more information on how to upgrade from Continuity Engine 8.5 and below: https://neverfail.com/product/continuity-engine/

If you would like assistance with the upgrade process, Neverfail Professional Services are here to help! Please contact your Neverfail Account Manager at sales@neverfail.com and they will be able to give you professional services options to assist with the upgrade process.

Applies To

Neverfail Continuity Engine v8.x up to v9.x



    • Related Articles

    • Neverfail Official Statement On Spring Framework RCE Vulnerability

      Summary This Knowledgebase article provides information regarding the Spring Framework RCE vulnerability as detailed in the following article: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement More Information It has come to ...
    • Neverfail for Apache Tomcat Plug-in v201.5.1 - Release Notes

      About Neverfail for Apache Tomcat Plug-in Neverfail for Apache Tomcat Plug-in provides protection and proactively monitors the Apache Tomcat environment’s configuration data, services, and application data files. Supported Versions and Platforms ...
    • Neverfail Continuity Engine v8.5 - Release Notes

      Summary This Knowledge base article provides information about the 8.5 release of Neverfail Continuity Engine and all subsequent updates to this release. Neverfail Continuity Engine v8.5 Update 7 The following information applies to ...
    • Neverfail for Exchange Plug-in v201.5.8 - Release Notes

      About Neverfail for Exchange Plug-in This Knowledgebase article provides information about this specific release of the Neverfail for Exchange Plug-in V201.5.8   The Neverfail for Exchange Plug-in provides protection for critical data, services, and ...
    • Neverfail for Exchange Plug-in v201.5.9 - Release Notes

      About Neverfail for Exchange Plug-in This Knowledgebase article provides information about this specific release of the Neverfail for Exchange Plug-in V201.5.9. The Neverfail for Exchange Plug-in provides protection for critical data, services, and ...