Not VulnerableVendor Resources
| Resource | Link |
|---|---|
| Sonatype Vulnerability Statement | https://help.sonatype.com/docs/important-announcements/sonatype-product-log4j-vulnerability-status |
Community Resources
| Resource | Link |
|---|---|
| Sonatype Vulnerability Statement | https://blog.sonatype.com/a-new-0-day-log4j-vulnerability-discovered-in-the-wild |
Community Notes
| Source | Note |
|---|---|
| CISAGov | Sonatype uses logback as the default logging solution as opposed to log4j. This means our software including Nexus Lifecycle, Nexus Firewall, Nexus Repository OSS and Nexus Repository Pro in versions 2.x and 3.x are NOT affected by the reported log4j vulnerabilities. We still advise keeping your software upgraded at the latest version. |
| CISAGov | Last Update: 12/29/2021 |
Sources
| Date | Attribution | Description |
|---|---|---|
| 2021-12-31 9:06:53 | NCSC-NL | Updated community link Sonatype Vulnerability Statement. |
| 2021-12-30 21:31:50 | CISAGov | Updated communityNotVulnerable. Updated vendor link Sonatype Vulnerability Statement. Updated community note. Updated community note. |