As you might have heard in the news, a critical vulnerability has been discovered in Log4j2 that is actively being exploited.
What is Going On?
A critical vulnerability has been discovered in Log4j that is actively being exploited. CVE-2021-44228, also named Log4Shell or LogJam, is a Remote Code Execution (RCE) class vulnerability. If attackers manage to exploit it on a server, they gain the ability to execute arbitrary code and can potentially take full control of the system.
What can iWeb/the Customer do to Defend Against This?
Currently, there is a newer version for Log4j available, or a workaround to mitigate the vulnerability. We at iWeb urge you to please check your own systems, and install the new version and or workarounds as soon as possible.
Where Can I Get More Information?
For more details please check: https://logging.apache.org/log4j/2.x/security.html