Vendor Resources
Resource | Link |
---|---|
APACHE CAMEL AND CVE-2021-44228 (LOG4J) | https://camel.apache.org/blog/2021/12/log4j2/ |
Community Resources
Resource | Link |
---|---|
source | https://camel.apache.org/blog/2021/12/log4j2/ |
Community Notes
Source | Note |
---|---|
NCSC-NL | CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln |
CISAGov | Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4. |
CISAGov | Last Update: 12/13/2021 |
Sources
Date | Attribution | Description |
---|---|---|
2021-12-27 15:29:04 | NCSC-NL | Updated communityNotVulnerable. Updated community note. Updated community link source. |
2021-12-30 21:31:50 | CISAGov | Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link APACHE CAMEL AND CVE-2021-44228 (LOG4J). Updated community note. Updated community note. |
Expand Details