Comments on: Log4JShell Vulnerability Update https://www.percona.com/blog/log4jshell-vulnerability-update/ Wed, 22 Dec 2021 12:28:47 +0000 hourly 1 https://wordpress.org/?v=6.5.2 By: David Busby https://www.percona.com/blog/log4jshell-vulnerability-update/#comment-10973448 Wed, 22 Dec 2021 12:28:47 +0000 https://www.percona.com/blog/?p=79327#comment-10973448 @michal,

Grafana in PMM is goLang based, not JAVA based, as such this does not contain the log4J JAVA library.

This is confirmed here: https://community.grafana.com/t/to-be-clear-is-grafana-affected-by-log4j-vulnerability/57600 && https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/ and discussion is here: https://github.com/grafana/grafana/issues/43000

This does not extend onto the data sources you may hook into PMM of course, and you should review your infrastructure to ensure that there is not a vulnerable log4J version running within.

Cheers

David

]]> By: Michał https://www.percona.com/blog/log4jshell-vulnerability-update/#comment-10973447 Tue, 21 Dec 2021 15:21:19 +0000 https://www.percona.com/blog/?p=79327#comment-10973447 What about Grafana in PMM?

]]>