Log4j: CVE-2021-44228

nhosko · December 13, 2021, 7:33am

Hello,

in regard to the latest log4j vulnerability, I would like to know if there are any actions one must to do protect/update a server running hivemq CE?

sauroter · December 13, 2021, 7:57am

Hi @nhosko,

HiveMQ products and in extension HiveMQ CE are not affected by CVE-2021-44228 .

Currently, you don’t need to take any measures beyond standard best practices for securing a backend server (access control, firewalls, OS hardening, etc.).

For more information we released a blog post.

All the best
Georg

Edit: Added link to blog post.

Reinski · December 13, 2021, 12:17pm

Hello Georg,
thanks for the quick reaction!
Is this information also valid for older versions of HivMQ?

Greetings!
Reiner

sauroter · December 13, 2021, 12:20pm

Hi @Reinski ;

yes it is. We have released a blogpost regarding this:

https://www.hivemq.com/blog/hivemq-is-not-affected-by-log4shell/

All the best
Georg

Topic		Replies	Views
Any Plan To Address Version 1.3.3 Reported Vulnerabilities? HiveMQ Client Library	2	26	December 3, 2024
HiveMQ CE on Windows without admin rights HiveMQ Community Edition	2	810	September 6, 2019
SSL Exception in HiveMQ logs	3	414	August 24, 2022
Drawbacks of HiveMQ version 4.5	1	357	October 11, 2022
Key and Truststores in PKCS#12 format instead of JKS HiveMQ Community Edition	1	2386	October 10, 2019

Log4j: CVE-2021-44228

Related topics