Statement Regarding Lockpoint and CVE-2021-44228 (Log4Shell) 2021-12-13
Date: December 13, 2021
Overview
The CVE-2021-44228 (Log4Shell) vulnerability, discovered in mid-December, impacts a number of Java-based applications.
Cenote Lockpoint is not vulnerable to CVE-2021-44228.
Details
Lockpoint does not bundle the impacted Log4j module, although it does make use of the Log4j implementation that is included in Confluence. Atlassian has indicated that Confluence is not vulnerable to this exploit in its default configuration, and so long as Confluence remains not vulnerable, neither is Lockpoint.
This statement applies to all released versions of Lockpoint (1.x, 2.x).
Questions
If you have any questions, please contact Cenote Support.