security

Log4j Vulnerability

A critical security vulnerability CVE-2021-44228 has been identified in the popular “Apache Log4j 2” library (2.x <= 2.15.0-rc1). This has raised concerns among many dCache admins, who have contacted us either directly or by sending a message to securityÔądcache.org. Thanks for that! Log4j in dCache dCache uses logback as the default logging solution and does not distribute the Log4j library with officially released packages. It is therefore not affected. Log4j in ZooKeeper and Kafka Like many Java based projects, ZooKeeper and Apache Kafka use Log4j as their logging library.