The Apache Software Foundation has released an emergency security update that resolves the remote code execution vulnerability of Log4j 2, CVE-2021-44228.

Log4j is a Java-based open source program used to generate logs while writing a program. This vulnerability can cause damage such as malware infection, so users of this version are advised to update to the latest version.

Currently, it is determined that the vulnerability does not affect WhiteDefender products, and we are monitoring to respond to related threats.

thank you

• Vulnerability details

  Remote code execution vulnerability occurring in Apache Log4j 2 (CV3-2021-44228) (Java-based open source used to leave logs while writing programs)

• Affected Version

  Apache Log4j 2.0-beta9 ~ 2.14.1 all versions

• Solutions

  Apply update to the latest version (2.15.0) through the manufacturer's website. If it is difficult to update to the latest version, check the version you are using and apply version-specific measures.

• reference site

  https://logging.apache.org/log4j/2.x/
  https://www.boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=36389