Are you curious about the log4j vulnerability?

You may have heard about the recent log4j vulnerability news making the rounds over the internet recently.

There is nothing that we’ve seen with using Cleavr’s installed packages that presents this vulnerability. However, that doesn’t mean that your server doesn’t contain the vulnerability by some other means.

If you are interested to see if your servers are impacted, we found this checker that you can run to check:

Of course, the maintainers of the above checker do mention not to expect this to be 100%, but should provide a good indication.

Hi Adam,
thanks for sharing. Am I right about the your server isn’t vulnerable if it doesn’t run Java?

Yes - that is our understanding. Log4j is a logging library used for Java-based apps.