Any use of Apache's log4j by RedGate?

Currently scanning systems for this Apache log4j issue, and wondering if there is any concern of its use by RedGate products.  We're using SQL Monitor and Toolbelt.


  • Hi @BHughes

    Thanks for your inquiry regarding Redgate products impact by the recent CVE-2021-44228 ‘Log4Shell’ vulnerability.

    Thankfully our external Redgate products are not impacted by this vulnerability as they are built upon .NET and are not susceptible. Our Flyway product does utilise Java and our development teams have ensured that it doesn’t ship using log4j / log4shell.

    A small number of our internal systems which had used the vulnerable version were thoroughly checked for any evidence of exploitation before being patched and updated.

    Redgate takes the security and privacy of its clients seriously and if you have further questions we will happily follow them through with our security team.
    Sarah Beckett| Customer Support| Redgate Software
    Have you visited our Help Center? 
Sign In or Register to comment.