Overview

A remote code execution vulnerability was found in log4j2, a popular Java logging library. The vulnerability is tracked as CVE-2021-44228. Because the library is so widely used, the issue affects a wide variety of software and services on the internet.

Current status

All Aiven services and infrastructure are patched against the issue.

Impact to Aiven services

We have reviewed all of our services and determined the impact to be limited, mainly to Elasticsearch- and OpenSearch-based services, which were all patched on December 11th, 2021.

Impact by service type

  • Aiven for Elasticsearch - Impacted, all services PATCHED

  • Aiven for OpenSearch - Impacted, all services PATCHED

  • Aiven for Apache Flink (a beta service) - Impacted, all services PATCHED

  • Aiven for Apache Cassandra - Not impacted

  • Aiven for Apache Kafka - Not impacted

  • Aiven for Apache Kafka Connect - Not impacted

  • Aiven for Apache Kafka MirrorMaker 2 - Not impacted

  • Aiven for PostgreSQL - Not impacted

  • Aiven for MySQL - Not impacted

  • Aiven for Redis - Not impacted

  • Aiven for Grafana - Not impacted

  • Aiven for M3 / Aggregator - Not impacted

  • Aiven for InfluxDB - Not impacted

  • Aiven's own infrastructure - Not impacted

Further information
