FAQ - CVE-2021-44228 Common Issues and Questions

Updated -

Security Bulletin

Common Issues and Questions

Red Hat Product Related Article
AMQ 6 Are AMQ 6 or Fuse 6 affected by Log4J CVE-2021-44228?
AMQ 7 AMQ 7 and Log4J vulnerability CVE-2021-44228
AMQ Streams AMQ Streams 1.8.x Resolved Issues
AMQ Streams Working around CVE-2021-44228 with AMQ Streams
Apache Httpd Is Apache httpd in RHEL impacted by CVE-2021-44228?
CRW Is CodeReady Workspaces affected by Log4J vulnerability CVE-2021-44228?
CRS Is CodeReady Studio impacted by Log4J vulnerability CVE-2021-44228?
Fuse 6.3 Is pax-logging v1.9.1 in Fuse 6.3 affected by Log4J CVE-2021-44228 ?
Fuse 7 Karaf runtime Working around CVE-2021-44228 with Fuse 7 karaf runtime
Fuse 7 on OCP Working around CVE-2021-44228 with Fuse 7 applications on OpenShift
Fuse, AMQ Fuse, AMQ, and Log4J vulnerability CVE-2021-44228 -- what is vulnerable, and what to do about it?
JBoss EAP Is JBoss EAP 6.x/7.x impacted by log4j vulnerabilities CVE-2021-44228 or CVE-2021-4104?
JWS Is JWS Tomcat impacted by CVE-2021-44228?
Spring Boot Is Red Hat supported Spring Boot affected by Log4J CVE-2021-44228 ?
OCP 3 OCP3.11: CVE-2021-44228 affecting Elasticsearch (Red Hat OpenShift Logging)
OCP 4 OCP4: CVE-2021-44228 affecting Elasticsearch (Red Hat OpenShift Logging)
OCP 4 OCP4: CVE-2021-44228 affecting Metering Operator
OpenJDK Is OpenJDK impacted by log4j vulnerabilities CVE-2021-44228 or CVE-2021-4104?
RHDG Is Red Hat Data Grid 7.x/8.x impacted by CVE-2021-44228 or CVE-2021-4104?
RHEL Am I affected by CVE-2021-44228
RHOSP RHOSP13 Neutron / OpenDaylight - CVE-2021-44228 Vulnerability - log4j
RHPAM/RHDM Is RHPAM/RHDM affected by log4j issue CVE-2021-44228
RHSSO Is RH-SSO impacted by CVE-2021-44228 or CVE-2021-4104?
Satellite 6 Is Red Hat Satellite 6 impacted by the log4j vulnerability CVE-2021-44228?

5 Comments

Log in to comment
RM Community Member 99 points
15 December 2021 12:01 PM

Although I don't have any HTTP packages installed, we use CUPS, which enables us to access the Print Server via HTTP. Can this also be provided?

Thanks, Ryszard

DP Community Member 29 points
17 December 2021 7:25 PM

Yes CUPS would be great if there is any fix. In the meantime I will deactive the webinterface (we just need it to add printer and for troubleshooting) and hopefully we can use that as a workaround.

Thanks BR Daniel

Bryan Mason's picture Red Hat Expert 1288 points
17 December 2021 7:53 PM

CUPS doesn't use log4j for logging. The CUPS daemon (cupsd) is written in C.

DP Community Member 29 points
17 December 2021 8:08 PM

Thank you very much!

RM Community Member 99 points
20 December 2021 8:45 AM

Thank you :-)