
Updates and actions to address Log4j CVE-2021-44228 and CVE-2021-45046 in GitLab

Blog post from GitLab

Post Details
Company
Date Published
Author
GitLab
Word Count: 954
Company Posts That Month: 18
Language: English
Hacker News Points: -
Summary

GitLab has addressed the vulnerabilities associated with Log4j, specifically CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832, by updating their software components to the latest Log4j version, 2.17.1, as of January 22, 2022. The company has ensured that both their Self-managed and SaaS offerings have low exposure to these vulnerabilities, emphasizing that default configurations of GitLab's SAST and Dependency Scanning features are fully patched and secure. They have removed Log4j from certain analyzers and upgraded others, such as Spotbugs and Gemnasium-Maven, to mitigate any potential risks. GitLab continues to monitor the situation, recommending that customers using older versions or modified configurations upgrade to the latest versions. No malicious activity has been detected on GitLab.com, and the company's security and engineering teams remain vigilant in ensuring the security of their products and customers.
