recent log4j vulnerability

AndyBurnsAndyBurns Posts: 2 New member
in General Forum
does anyone know if Redgate products are, or could be, affected by the recently announced log4j vulnerability?
CVE-2021-44228
· Share on Twitter

Answers

  • DarylDaryl Posts: 2 Bronze 1
    It would helpful to have an official comment, only if it says that they are investigating.
    · Share on Twitter
  • AndyBurnsAndyBurns Posts: 2 New member
    had an email response from them:

    Hi Andy,

    Thank you for your inquiry regarding Redgate products impact by the recent CVE-2021-44228 ‘Log4Shell’ vulnerability.

    Thankfully our external Redgate products are not impacted by this vulnerability as they are built upon .NET and are not susceptible. Our Flyway product does utilise Java and our development teams have ensured that it doesn’t ship using log4j / log4shell.

    A small number of our internal systems which had used the vulnerable version were thoroughly checked for any evidence of exploitation before being patched and updated.

    Redgate takes the security and privacy of its clients seriously and if you have further questions we will happily follow them through with our security team.

    Kind Regards,

    Sarah
    Customer Support Team
    · Share on Twitter
  • DarylDaryl Posts: 2 Bronze 1
    Many thanks Andy.
    · Share on Twitter
  • DeepDeep Posts: 20 Bronze 1
    Is SQL Toolbelt (SQL source Control, SQL Compare, SQL search, SQL Prompt etc.) part of external or Flyaway products. Can you please provide details on product names that are vulnerable to  log4j security bug.
    · Share on Twitter
Sign In or Register to comment.