Options

Any use of Apache's log4j by RedGate?

BHughesBHughes Posts: 7 New member
in General Forum
Currently scanning systems for this Apache log4j issue, and wondering if there is any concern of its use by RedGate products.  We're using SQL Monitor and Toolbelt.
Tagged:
· Share on Twitter

Answers

  • Options
    Sarah BSarah B Posts: 119 Silver 2
    Hi @BHughes

    Thanks for your inquiry regarding Redgate products impact by the recent CVE-2021-44228 ‘Log4Shell’ vulnerability.

    Thankfully our external Redgate products are not impacted by this vulnerability as they are built upon .NET and are not susceptible. Our Flyway product does utilise Java and our development teams have ensured that it doesn’t ship using log4j / log4shell.

    A small number of our internal systems which had used the vulnerable version were thoroughly checked for any evidence of exploitation before being patched and updated.

    Redgate takes the security and privacy of its clients seriously and if you have further questions we will happily follow them through with our security team.
    Sarah Beckett| Customer Support| Redgate Software
    Have you visited our Help Center? 
    · Share on Twitter
Sign In or Register to comment.