Apache log4j Vulnerabilities CVE-2021-44228 and CVE-2021-45046

By Tim Hall / Product, Company
Dec 13, 2021

InfluxData is aware of two recently reported Apache log4j (log4j) vulnerabilities CVE-2021-44228 and CVE-2021-45046. We employ rigorous security practices to safeguard our products and their dependencies as well as software used to deliver our cloud services. We want you to be aware that our software does NOT employ log4j, nor is it within our supply chain.

The scope of this statement covers all versions of our services and software including:

• InfluxDB OSS
• InfluxDB Enterprise
• InfluxDB Cloud
• Telegraf
• Kapacitor
• Chronograf

This also includes our official Docker images as well.

InfluxData uses software on backend systems that include log4j. These systems have been patched as of 10 December 2021 and remain isolated from our cloud services infrastructure.

If you have any additional questions or concerns, you may contact us at [email protected].