What are the challenges you face when working across database platforms? Take the survey

recent log4j vulnerability

does anyone know if Redgate products are, or could be, affected by the recently announced log4j vulnerability?


  • Options
    DarylDaryl Posts: 2 Bronze 1
    It would helpful to have an official comment, only if it says that they are investigating.
  • Options
    AndyBurnsAndyBurns Posts: 2 New member
    had an email response from them:

    Hi Andy,

    Thank you for your inquiry regarding Redgate products impact by the recent CVE-2021-44228 ‘Log4Shell’ vulnerability.

    Thankfully our external Redgate products are not impacted by this vulnerability as they are built upon .NET and are not susceptible. Our Flyway product does utilise Java and our development teams have ensured that it doesn’t ship using log4j / log4shell.

    A small number of our internal systems which had used the vulnerable version were thoroughly checked for any evidence of exploitation before being patched and updated.

    Redgate takes the security and privacy of its clients seriously and if you have further questions we will happily follow them through with our security team.

    Kind Regards,

    Customer Support Team

  • Options
    DarylDaryl Posts: 2 Bronze 1
    Many thanks Andy.
  • Options
    DeepDeep Posts: 20 Bronze 1
    Is SQL Toolbelt (SQL source Control, SQL Compare, SQL search, SQL Prompt etc.) part of external or Flyaway products. Can you please provide details on product names that are vulnerable to  log4j security bug.
Sign In or Register to comment.