Thank you for your inquiry regarding Redgate products impact by the recent
CVE-2021-44228 ‘Log4Shell’ vulnerability.
Thankfully our external Redgate products are not impacted by this vulnerability
as they are built upon .NET and are not susceptible. Our Flyway product does
utilise Java and our development teams have ensured that it doesn’t ship using
log4j / log4shell.
A small number of our internal systems which had used the vulnerable version
were thoroughly checked for any evidence of exploitation before being patched
and updated.
Redgate takes the security and privacy of its clients seriously and if you have
further questions we will happily follow them through with our security team.
Is SQL Toolbelt (SQL source Control, SQL Compare, SQL search, SQL Prompt etc.) part of external or Flyaway products. Can you please provide details on product names that are vulnerable to log4j security bug.
Answers
Hi Andy,
Thank you for your inquiry regarding Redgate products impact by the recent CVE-2021-44228 ‘Log4Shell’ vulnerability.
Thankfully our external Redgate products are not impacted by this vulnerability as they are built upon .NET and are not susceptible. Our Flyway product does utilise Java and our development teams have ensured that it doesn’t ship using log4j / log4shell.
A small number of our internal systems which had used the vulnerable version were thoroughly checked for any evidence of exploitation before being patched and updated.
Redgate takes the security and privacy of its clients seriously and if you have further questions we will happily follow them through with our security team.
Kind Regards,
SarahCustomer Support Team