Vendor Patch ExistsVendor Resources
| Resource | Link |
|---|---|
| Apache Flink: Advise on Apache Log4j Zero Day (CVE-2021-44228) | https://flink.apache.org/2021/12/10/log4j-cve.html |
Community Resources
Community Notes
| Source | Note |
|---|---|
| NCSC-NL | CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix |
| CISAGov | To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during the release publication. The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. |
| CISAGov | Last Update: 12/12/2021 |
Sources
| Date | Attribution | Description |
|---|---|---|
| 2021-12-27 15:29:04 | NCSC-NL | Updated vendorPatchExists. Updated community note. Updated community link source. |
| 2021-12-30 21:31:50 | CISAGov | Updated vendorPatchExists. Updated vendor link Apache Flink: Advise on Apache Log4j Zero Day (CVE-2021-44228). Updated community link https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html. Updated community note. Updated community note. |