What to Know About the Log4j Vulnerability CVE-2021-44228

The Apache Log4j utility has a critical zero-day exploit known as Log4Shell (CVE-2021-44228) that affects multiple software products, including Couchbase Server Enterprise Edition and Couchbase Elasticsearch Connector, which can be mitigated by upgrading to fixed versions or applying workarounds such as removing the JndiLookup class from log4j jar files. The Couchbase Database-as-a-Service, Couchbase Capella, has temporarily disabled the ability to deploy the Analytics Service, while other products are not affected by this vulnerability. Customers are encouraged to review published Knowledge Base Articles for additional information on workarounds and fixes.