Log4j is developed by the Apache Foundation and is widely used by both enterprise apps and cloud services. It was also revealed that CVE-2021-44228 impacts default configurations of multiple Apache frameworks, including Apache Struts2, Apache Solr, Apache Druid, Apache Flink, and others. The United States Cybersecurity and Infrastructure Security Agency also issued a statement from CISA Director Easterly on the log4j vulnerability.
The same day the vulnerability was announced, our Engineering team took immediate actions upon our servers and patch them appropriately. The only service provided by the cPanel software that uses the logging utility Log4j is cpanel-dovecot-solr. However, other services based on Java were also affected by this. Services like ElasticSearch versions before 7, custom Java based applications that may use Log4j, and separate Solr instances.
Our patch was applied across the whole fleet of servers, patching all of the possible services vulnerable to the new exploit only hours after the vulnerability was announced publicly.
The Apache Logging team released an update after it was discovered that certain non-default configurations were still vulnerable to the log4j exploit. Learn more about CVE-2021-45046. You can also read the Apache Logging site’s Security page for more information.
Powered by WHMCompleteSolution