⚠️ OPSWAT Central Management v7 and My OPSWAT On-Premises (My OPSWAT Central Management v8) will reach End of Sale on July 31, 2025, and End of Life on January 31, 2027. We encourage you to upgrade to My OPSWAT Central Management v10 before Janauary 31, 2027, to ensure continued support and access to the latest features.

How to mitigate the vulnerabilities related to the Apache Log4j library?

We are following up in reference to the vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832, which have been discovered in Apache Log4j and may allow attacks such as remote code execution or denial of service.

OPSWAT Central Management uses the Apache Log4j library as one of its dependencies. Out of an abundance of caution, we recommend customers to upgrade OCM to the version 7.21 or later to mitigate vulnerabilities.

In a previous version of this article, we recommended setting the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS with the value true for OPSWAT Central Management version 7.20 or earlier. Please note that this measure has been discredited by the Apache Log4j team because it does not sufficiently cover all attack vectors.
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
On This Page
How to mitigate the vulnerabilities related to the Apache Log4j library?