Apache Log4j Vulnerability - No impact to the Keen platform
Incident Report for Keen
Keen is aware of a new, critical vulnerability in the Apache Log4j library, CVE-2021-44228. Our Engineering team investigated the impact of the Log4j remote code execution vulnerability and have determined that no part of our platform is vulnerable. We use Logback as a primary logging framework. On the other hand our Apache Kafka, Apache Zookeeper, Apache Storm and Apache Cassandra currently use Log4j 1.2.17, which is not affected by this issue. We are not at risk of breach via the above vulnerability.
Posted Dec 13, 2021 - 10:00 PST