How can we help you today? How can we help you today?

recent log4j vulnerability

does anyone know if Redgate products are, or could be, affected by the recently announced log4j vulnerability?
CVE-2021-44228
Andy Burns
0

Comments

4 comments

Sort by
  • Daryl
    It would helpful to have an official comment, only if it says that they are investigating.
    Daryl
    0
  • AndyBurns
    had an email response from them:

    Hi Andy,

    Thank you for your inquiry regarding Redgate products impact by the recent CVE-2021-44228 ‘Log4Shell’ vulnerability.

    Thankfully our external Redgate products are not impacted by this vulnerability as they are built upon .NET and are not susceptible. Our Flyway product does utilise Java and our development teams have ensured that it doesn’t ship using log4j / log4shell.

    A small number of our internal systems which had used the vulnerable version were thoroughly checked for any evidence of exploitation before being patched and updated.

    Redgate takes the security and privacy of its clients seriously and if you have further questions we will happily follow them through with our security team.

    Kind Regards,

    Sarah
    Customer Support Team
    AndyBurns
    0
  • Daryl
    Many thanks Andy.
    Daryl
    0
  • Deep
    Is SQL Toolbelt (SQL source Control, SQL Compare, SQL search, SQL Prompt etc.) part of external or Flyaway products. Can you please provide details on product names that are vulnerable to  log4j security bug.
    Deep
    0

Add comment

Please sign in to leave a comment.