Log4j: CVE-2021-44228

nhosko · December 13, 2021, 7:33am

Hello,

in regard to the latest log4j vulnerability, I would like to know if there are any actions one must to do protect/update a server running hivemq CE?

sauroter · December 13, 2021, 7:57am

Hi @nhosko,

HiveMQ products and in extension HiveMQ CE are not affected by CVE-2021-44228 .

Currently, you don’t need to take any measures beyond standard best practices for securing a backend server (access control, firewalls, OS hardening, etc.).

For more information we released a blog post.

All the best
Georg

Edit: Added link to blog post.

Reinski · December 13, 2021, 12:17pm

Hello Georg,
thanks for the quick reaction!
Is this information also valid for older versions of HivMQ?

Greetings!
Reiner

sauroter · December 13, 2021, 12:20pm

Hi @Reinski ;

yes it is. We have released a blogpost regarding this:

https://www.hivemq.com/blog/hivemq-is-not-affected-by-log4shell/

All the best
Georg

Topic		Replies	Views
HiveMQ Libraries Vulnerable in Docker Image Vulnerabilities HiveMQ Commercial Offerings	1	640	March 18, 2020
Starting Hivemq	8	1975	May 9, 2019
Error starting HiveMQ node after upgrading to 4.5 HiveMQ Commercial Offerings	3	745	January 15, 2021
Linux server patch and rocksdb java.lang.UnsatisfiedLinkError	0	486	April 21, 2021
$SYS topic Plugin JAR HiveMQ Extensions	6	827	July 6, 2021

Log4j: CVE-2021-44228

Related Topics