A vulnerability has been reported under the CVE-2021-44228 reference, affecting the Log4J2 (Log4J version 2) library, commonly used in applications for logging services.
CVE-2021-44228 impacts Log4J2 (Log4J version 2), which is not used in the Stambia Data Integration core components (Designer, Runtime and Analytics)
The Stambia core components use Log4J1 (Log4J version 1) which is not vulnerable to CVE-2021-44228 attacks as described in the CVE.
- Log4J1 (one) has other reported vulnerabilities which can be easily identified and mitigated.
- The only component shipping Log4J2 (Log4J version 2) is the ElasticSearch component, which is not impacted by the CVE (it is a transitive dependency not exposed to end-user).
The attached Security Notice provides detailed information.
Do not hesitate to contact our support team if you have additional questions or need further clarifications.