Log4j Security Update

ESO is dedicated to keeping your data safe, secure, and available. While at this time we have not seen any evidence of ESO’s systems being compromised by the log4j security vulnerability, we are working to ensure that our products reflect the most up-to-date security standards.

Please find the latest updates below:

• In response to CVE-2021-44228|| CVE-2021-45046 || CVE-2021-45105 the ESO teams have updated all log4j libraries to 2.17 for all ESO products.
• Given the critical and immediate threats posed by CVE-2021-44228 || CVE-2021-45046 all systems were emergency patched to 2.16 outside our normal patching cadence. 2.17 was applied as part of our normal patching cadence.
• Exploit CVE-2021-44832will be patched in accordance with our normal patching cadence.  ESO will continue to monitor for additional vulnerabilities that may arise from log4j and respond as appropriate.

No action is required from our users at this time.