Log4j vulnerability in Yugabyte

Couple of weeks back Log4j security vulnerability was discovered. Does Yugabyte have Log4j vulnerability? If yes, any plan to fix it and release the patch?

Hi @ars1206 ! Thanks for reaching out. Below is Yugabyte’s official statement regarding the Log4j vulnerability:

" Yugabyte is aware of the recently disclosed Apache Log4j2 vulnerability (CVE-2021-44228). We have assessed the potential impact of the vulnerability on Yugabyte products and services and have confirmed that Yugabyte products and services are not affected. The Apache Log4j2 utility is a commonly used component for logging requests, but it is not used within Yugabyte products and services. We appreciate your trust and we continue to make your success our top priority."