Node red and log4j vulnerability

Hi Treasured node-red community.

Is there any indication from Devs if node-red might be affected by the log4j vulnerability?
Tech Solvency: The Story So Far: CVE-2021-44228 (Log4Shell log4j vulnerability).

Naturally we already avoid to expose any Node-RED page to the public internet.
However it pays to be safe. We have already had phishing attempts and door knocks related to this exploit at our organisation so we must take it seriously.

2 Likes

As a member of a Java team (during my daily job), I can confirm this. If I hear the word "log4j" once more today, then I am going to bang my head against the wall :wink:

4 Likes

I'm so sorry for your loss! :frowning:

Ah, well perhaps be thankful that you don't have it buried away in critical services like we seem to have.

Thanks for your time with this everyone, appreciate it.

This is a useful link regarding what is impacted:

https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/#affected-products

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.