Hi Treasured node-red community.
Is there any indication from Devs if node-red might be affected by the log4j vulnerability?
Tech Solvency: The Story So Far: CVE-2021-44228 (Log4Shell log4j vulnerability).
Naturally we already avoid to expose any Node-RED page to the public internet.
However it pays to be safe. We have already had phishing attempts and door knocks related to this exploit at our organisation so we must take it seriously.
As a member of a Java team (during my daily job), I can confirm this. If I hear the word "log4j" once more today, then I am going to bang my head against the wall 
I'm so sorry for your loss! 
Ah, well perhaps be thankful that you don't have it buried away in critical services like we seem to have.
Thanks for your time with this everyone, appreciate it.
This is a useful link regarding what is impacted:
https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/#affected-products
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
The OpenJS Foundation | Terms of Use | Privacy Policy | OpenJS Foundation Bylaws | Trademark Policy | Trademark List | Cookie Policy