FAQ - CVE-2021-44228 Common Issues and Questions

Updated -

Security Bulletin

Common Issues and Questions

Red Hat Product Related Article
AMQ 6 Are AMQ 6 or Fuse 6 affected by Log4J CVE-2021-44228?
AMQ 7 AMQ 7 and Log4J vulnerability CVE-2021-44228
AMQ Streams AMQ Streams 1.8.x Resolved Issues
AMQ Streams Working around CVE-2021-44228 with AMQ Streams
Apache Httpd Is Apache httpd in RHEL impacted by CVE-2021-44228?
CRW Is CodeReady Workspaces affected by Log4J vulnerability CVE-2021-44228?
CRS Is CodeReady Studio impacted by Log4J vulnerability CVE-2021-44228?
Fuse 6.3 Is pax-logging v1.9.1 in Fuse 6.3 affected by Log4J CVE-2021-44228 ?
Fuse 7 Karaf runtime Working around CVE-2021-44228 with Fuse 7 karaf runtime
Fuse 7 on OCP Working around CVE-2021-44228 with Fuse 7 applications on OpenShift
Fuse, AMQ Fuse, AMQ, and Log4J vulnerability CVE-2021-44228 -- what is vulnerable, and what to do about it?
JBoss EAP Is JBoss EAP 6.x/7.x impacted by log4j vulnerabilities CVE-2021-44228 or CVE-2021-4104?
JWS Is JWS Tomcat impacted by CVE-2021-44228?
Spring Boot Is Red Hat supported Spring Boot affected by Log4J CVE-2021-44228 ?
OCP 3 OCP3.11: CVE-2021-44228 affecting Elasticsearch (Red Hat OpenShift Logging)
OCP 4 OCP4: CVE-2021-44228 affecting Elasticsearch (Red Hat OpenShift Logging)
OCP 4 OCP4: CVE-2021-44228 affecting Metering Operator
OpenJDK Is OpenJDK impacted by log4j vulnerabilities CVE-2021-44228 or CVE-2021-4104?
RHDG Is Red Hat Data Grid 7.x/8.x impacted by CVE-2021-44228 or CVE-2021-4104?
RHEL Am I affected by CVE-2021-44228
RHOSP RHOSP13 Neutron / OpenDaylight - CVE-2021-44228 Vulnerability - log4j
RHPAM/RHDM Is RHPAM/RHDM affected by log4j issue CVE-2021-44228
RHSSO Is RH-SSO impacted by CVE-2021-44228 or CVE-2021-4104?
Satellite 6 Is Red Hat Satellite 6 impacted by the log4j vulnerability CVE-2021-44228?

5 Comments

Although I don't have any HTTP packages installed, we use CUPS, which enables us to access the Print Server via HTTP. Can this also be provided?

Thanks, Ryszard

Yes CUPS would be great if there is any fix. In the meantime I will deactive the webinterface (we just need it to add printer and for troubleshooting) and hopefully we can use that as a workaround.

Thanks BR Daniel

CUPS doesn't use log4j for logging. The CUPS daemon (cupsd) is written in C.

Thank you very much!

Thank you :-)