opsi is not affected by the log4j exploit

Beiträge: 37
Registriert: 22 Aug 2014, 09:13

opsi is not affected by the log4j exploit

Beitrag von m.scalese »

Dear opsi users,

Lately we have received more and more enquiries whether opsi is affected by the known log4j vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2021-44228) As java components opsi has the opsi-configed and the opsi-logviewer. Both components do not use the log4j module. Likewise, there is currently no verified vulnerability for this exploit in the third-party libraries used by opsi. Therefore, opsi (4.1 & 4.2) is not affected by this vulnerability as of today.

Even if the opsi systems are not directly affected, we strongly recommend to update all of your opsi systems. Should this exploit appear somewhere in connection with the opsi system, we ask for your feedback. Should a vulnerability be found afterwards, we will of course contact you with a fix as soon as possible.

With kind regards
Your opsi team.
opsi support - uib gmbh
For productive opsi installations we recommend support contracts.