*updated December 21, 2021
What is the Log4j Vulnerability?
If you use Apache Log4j, your application is vulnerable to hackers due to these vulnerabilities:
Through these vulnerabilities, hackers can remotely execute unauthenticated code, which means that hackers can steal data, install crypto miners, steal system credentials, etc.
In response to this, Airbrake has patched their Log4javabrake. This article will go over who needs to upgrade and how to upgrade.
Log4javabrake Upgrades and Patches
While the Airbrake service and API have not been impacted, customers using Log4javabrake are still open to potential security risks.
- Airbrake customers using the stand-alone javabrake notifier are NOT impacted.
- Airbrake customers using javabrake + log4javabrake (which uses log4j v1) SHOULD upgrade to javabrake + log4javabrake2 (v0.1.6).
- Airbrake customers using javabrake + log4javabrake2 v0.1.6 and earlier SHOULD upgrade to the latest, patched version of log4javabrake2 (v0.1.6).
Log4javabrake upgrade instructions can be found here: https://github.com/airbrake/log4javabrake2.
It is imperative that you upgrade your Log4javabrake as soon as possible to protect your application from security threats and breaches.
Additional Resources
What is CVE-2021-44228?
What is CVE-2021-45046?
What is CVE-2021-45105?
Log4Shell Help for Central Publishers: https://central.sonatype.org/news/20211213_log4shell_help/.