Is the SQL Monitor product impacted by the recently discovered log4j vulnerability?

Hello. Does anybody know whether the SQL Monitor product is impacted by the recently discovered log4j vulnerability?

Answers

  • Hi @agurvits,

    TL;DR - No, SQL Monitor is not impacted by the CVE-2021-44228 ‘Log4Shell’ vulnerability.

    Longer:
    Our external Redgate products (including SQL Monitor) are not impacted by the CVE-2021-44228 ‘Log4Shell’ vulnerability as they are built upon .NET and are not susceptible (our Flyway product does utilise Java and our development teams have ensured that it doesn’t ship using log4j / log4shell).

    A small number of our internal systems which had used the vulnerable version were thoroughly checked for any evidence of exploitation before being patched and updated.  Redgate takes the security and privacy of its clients seriously and if you have further questions we will happily follow them through with our security team.

    Kind regards
    Alex


    Product Support Engineer | Redgate Software

    Have you visited our Help Center?
  • daryoosh Posts: 1 New member
    Hi Alex,

    How about SQL Compare and SQL Data Compare?

    Thanks,

    Daryoosh
  • Hi @daryoosh

    Apologies for not being clearer - none of our tools are affected by this - (that was this bit above "Our external Redgate products <...> are not impacted").

    Our Flyway product does not ship with log4j, but could have used affected versions of this if the customer had it on their machine.  The team have made a change to ensure it now requires unaffected versions of log4j and so will no longer use the affected versions of log4j - see https://flywaydb.org/blog/flyway-log4j-vulnerability for more information on that.

    Kind regards,
    Alex

    Product Support Engineer | Redgate Software
