recent log4j vulnerability

does anyone know if Redgate products are, or could be, affected by the recently announced log4j vulnerability?
CVE-2021-44228

Answers

  • DarylDaryl Posts: 2 Bronze 1
    It would helpful to have an official comment, only if it says that they are investigating.
  • AndyBurnsAndyBurns Posts: 2 New member
    had an email response from them:

    Hi Andy,

    Thank you for your inquiry regarding Redgate products impact by the recent CVE-2021-44228 ‘Log4Shell’ vulnerability.

    Thankfully our external Redgate products are not impacted by this vulnerability as they are built upon .NET and are not susceptible. Our Flyway product does utilise Java and our development teams have ensured that it doesn’t ship using log4j / log4shell.

    A small number of our internal systems which had used the vulnerable version were thoroughly checked for any evidence of exploitation before being patched and updated.

    Redgate takes the security and privacy of its clients seriously and if you have further questions we will happily follow them through with our security team.

    Kind Regards,

    Sarah
    Customer Support Team
  • DarylDaryl Posts: 2 Bronze 1
    Many thanks Andy.
  • DeepDeep Posts: 20 Bronze 1
    Is SQL Toolbelt (SQL source Control, SQL Compare, SQL search, SQL Prompt etc.) part of external or Flyaway products. Can you please provide details on product names that are vulnerable to  log4j security bug.
Sign In or Register to comment.