Neverfail Official Statement On Apache Log4j Vulnerability (CVE-2021-44228)

Summary

This Knowledgebase article provides information regarding the Apache Log4j security vulnerability (CVE-2021-44228). Updated March 21, 2022.

More Information

Neverfail is aware of a vulnerability affecting Apache Log4j v2 that has been classified at the highest severity rating of 10. Log4j is an open source Java library that is used by many software providers around the world.

Neverfail has recently released a new version of Continuity Engine (v9 UPDATE 3) which fully addresses concerns over Apache Log4j. The current version of Continuity Engine now uses the latest version (2.17) of the Apache Log4j APIs. Previous (legacy) versions of Continuity Engine used Log4j ONLY to write out their own system logs, which is why Neverfail found the risk to be very low. Although Continuity Engine does not use components that exhibit the vulnerabilities seen when certain Log4j APIs are used, it was using the older version 1 of the APIs, which is no longer supported.

Therefore, in December 2021, Neverfail decided to update Continuity Engine to the latest version of Log4j so that there would be no "perception" of vulnerability and so that it uses supported APIs in which the CVE-2021-44228 vulnerabilities have been remediated.

For more information on how to upgrade to version 9 UPDATE 3, please see the following links:

For more information on how to upgrade from Continuity Engine 8.5 and below: https://neverfail.com/product/continuity-engine/

If you would like assistance with the upgrade process, Neverfail Professional Services are here to help! Please contact your Neverfail Account Manager at sales@neverfail.com and they will be able to give you professional services options to assist with the upgrade process.

Applies To

Neverfail Continuity Engine v8.x up to v9.x
