Overview
A remote code execution vulnerability was found in Log4j 2, a popular Java logging library. The vulnerability is tracked as CVE-2021-44228. Because the library is so widely used, the issue affects a wide variety of software and services on the internet.
Current status
All Aiven services and infrastructure are patched against the issue.
Impact to Aiven services
We have reviewed all of our services and determined the impact to be limited, mainly to Elasticsearch- and OpenSearch-based services, all of which were patched on December 11th, 2021.
Impact by service type
Aiven for Elasticsearch - Impacted, all services PATCHED
Aiven for OpenSearch - Impacted, all services PATCHED
Aiven for Apache Flink (a beta service) - Impacted, all services PATCHED
Aiven for Apache Cassandra - Not impacted
Aiven for Apache Kafka - Not impacted
Aiven for Apache Kafka Connect - Not impacted
Aiven for Apache Kafka MirrorMaker 2 - Not impacted
Aiven for PostgreSQL - Not impacted
Aiven for MySQL - Not impacted
Aiven for Redis - Not impacted
Aiven for Grafana - Not impacted
Aiven for M3 / Aggregator - Not impacted
Aiven for InfluxDB - Not impacted
Aiven's own infrastructure - Not impacted