Log4j2 Vulnerability

As has been announced, there has been a zero-day discovery of open-source Apache “Log4j2” utility, the Java logging library, that could result in Remote Code Execution (RCE) if log4j logs an attacker-controlled string value without proper validation. More details about it can be found here: CVE-2021-44228.

Rivery does not leverage or directly use Java or the version of log4j known to be affected by the vulnerability.

We strongly encourage customers who manage environments containing Log4j2 in their sources, targets and internal services to update to the latest version, available at: Log4j – Download Apache Log4j 2 or their operating system’s software update mechanism.