Updates and actions to address Log4j CVE-2021-44228 and CVE-2021-45046 in GitLab
Blog post from GitLab
GitLab has addressed the vulnerabilities associated with Log4j, specifically CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832, by updating its software components to the latest Log4j version, 2.17.1, as of January 22, 2022. The company has ensured that both its Self-managed and SaaS offerings have low exposure to these vulnerabilities, and emphasizes that default configurations of GitLab's SAST and Dependency Scanning features are fully patched and secure. It has removed Log4j from certain analyzers and upgraded others, such as SpotBugs and Gemnasium-Maven, to mitigate any potential risks. GitLab continues to monitor the situation and recommends that customers using older versions or modified configurations upgrade to the latest versions. No malicious activity has been detected on GitLab.com, and the company's security and engineering teams remain vigilant in ensuring the security of its products and customers.