This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA urges users and administrators to upgrade to Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6), and review and monitor the Apache Log4j Security Vulnerabilities webpage for updates and mitigation guidance.
The information in this repository is provided "as is" for informational purposes only and is being assembled and updated by CISA through collaboration with the broader cybersecurity community. Inquire with the manufacturer or their respective online resources for the most up-to-date information regarding any specific product listed. CISA does not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by CISA.
National Vulnerability Database (NVD) Information: CVE-2021-44228
When updates are available, agencies must update software using Log4j to the newest version, which is the most effective and manageable long-term option. Where updating is not possible, the following mitigating measures can be considered as a temporary solution and apply to the entire solution stack.
For more information regarding CISA-recommended mitigation measures, please visit here.
We welcome contributions! Please see CONTRIBUTING.md for details.
Instructions for creating a pull request using the GitHub Web UI can be found in PULL-EXAMPLE.md.
To view the full list of vendors & software click here.