zhill
commented
2 years ago Hi @LearnitRm ! No, Anchore Engine is not impacted by CVE-2021-44228 because it does not include any java code nor any log4j code.
Closed LearnitRm closed 2 years ago
zhill
commented
2 years ago Hi @LearnitRm ! No, Anchore Engine is not impacted by CVE-2021-44228 because it does not include any java code nor any log4j code.
LearnitRm
commented
2 years ago thankyou for the confirmation.
We deployed Anchore Engine as docker container : anchore-devsecops-anchore-engine-analyzer -- anchore-engine:v0.8.1 anchore-devsecops-anchore-engine-simplequeue -- anchore-engine:v0.8.1 anchore-devsecops-anchore-engine-api -- anchore-engine:v0.8.1 anchore-devsecops-anchore-engine-catalog -- anchore-engine:v0.8.1 anchore-devsecops-anchore-engine-policy -- anchore-engine:v0.8.1 anchore-devsecops-postgresql -- postgres:9.6.18
Is Anchore Engine impacted by recent log4j2 vulnerability CVE-2021-44228 ? If yes, what are the recommendations to get this fixed in Anchore Engine deployed to Cloud as container ?