Question

Log4j Vulnerability in Looker Stand-Alone Instances?

  • 13 December 2021
  • 4 replies
  • 1281 views

Userlevel 2

Is there a concern for the recent log4j vulnerability with looker and if so is there a patch?


4 replies

do we have the updated link ? 

Userlevel 2

Hi all,

Please check out the updates here about the log4j vulnerability: https://help.looker.com/hc/en-us/articles/4412928350867

Hi

This doc https://help.looker.com/hc/en-us/articles/4412928350867 says

All Looker hosted instances have been updated to a Looker version with Log4j 2 v2.16. Customers on customer hosted instances should update to a version listed below as soon as possible.

 

But apache https://logging.apache.org/log4j/2.x/security.html doc says

CVE-2021-45105 is fixed in Log4j 2.17.0

 

Userlevel 3
Badge

Please see the help center article for the latest updates from Looker on CVE-2021-45105.

Reply