Log4j Vulnerability?

Support forums for the Habitat Automate plugin
Post Reply
bmcfarlane
Posts: 18
Joined: Wed Jun 26, 2019 9:19 pm
4

Log4j Vulnerability?

Post by bmcfarlane »

We are doing due diligence on the Log4j vulnerability and checking with any plug in provider. Forgive me if I am ignorant of what components are used in the Habitat plug in but could you provide a statement of whether the plug-in is vulnerable to this threat or not? If it is, could you outline stop-gap steps needed to mitigate the vulnerability for now and then long term remediation plans?
Thanks - Brock

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: Log4j Vulnerability?

Post by Cubert »

Great question!

Here is the office answer -> No, P4A plugins do not use, load or reference any Java libraries!

Why is this important?

Log4j is a Java library for logging error messages in applications. The library is developed by the open-source Apache Software Foundation and is a key Java-logging framework. Log4j is included in application such as Apache Struts2, Solr, Druid, Flink, and Swift frameworks.

I can not speak for the products we control? This includes ConnectWise, Mac, Linux and Windows operating systems and VMWare ESXi hosts software so you will need to make sure other venders are not using Java.

bmcfarlane
Posts: 18
Joined: Wed Jun 26, 2019 9:19 pm
4

Re: Log4j Vulnerability?

Post by bmcfarlane »

Great thank you very much!

Post Reply

Return to “Habitat”