
GitLab and the Log4j Vulnerability


Concerning the reported Log4j vulnerability (CVE-2021-44228),
you should know that GitLab does not use the Log4j or Log4j2 packages.

GitLab is written in Ruby, JavaScript and Go, so it uses different logging libraries.

If you use the GitLab Advanced Search or Code Search features (available in paid editions, including Premium, Ultimate and Starter),
you should know that they run Elastic (Elasticsearch) behind the scenes, so you should check here for installed versions and a remedy.
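
To act on the advice to check installed versions, the following added example (not from the original post, GitLab or Elastic) lists `log4j-core` jars under an Elasticsearch install directory and flags versions in the CVE-2021-44228 range. The default path, the jar file naming and the function names `classify_log4j_version` and `scan_log4j` are assumptions.

```shell
#!/bin/sh
# Added example: inventory log4j-core jars and flag CVE-2021-44228 candidates.
# Range used: 2.0-beta9 up to (not including) 2.15.0, minus the security
# releases 2.3.1, 2.12.2 and 2.12.3. Later Log4j CVEs are not evaluated.

# classify_log4j_version VERSION -> prints affected | not-affected | review
classify_log4j_version() {
    case "$1" in
        2.3.1|2.12.2|2.12.3) echo not-affected; return 0 ;;
        2.0-beta9)           echo affected;     return 0 ;;
        ''|*[!0-9.]*)        echo review;       return 0 ;;  # pre-release or odd name
    esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    # Only plain 2.<minor>[.<patch>] versions are decided automatically.
    if [ "$major" = 2 ] && [ -n "$minor" ] && [ "$minor" != "$1" ]; then
        if [ "$minor" -lt 15 ]; then echo affected; else echo not-affected; fi
    else
        echo review
    fi
}

# scan_log4j DIR -> one line per jar: "<status> <version> <path>"
# Assumes jars keep the upstream file name log4j-core-<version>.jar; copies
# repackaged inside fat jars or renamed files will not be found this way.
scan_log4j() {
    find "$1" -type f -name 'log4j-core-*.jar' 2>/dev/null |
    while IFS= read -r jar; do
        base=${jar##*/}
        ver=${base#log4j-core-}
        ver=${ver%.jar}
        printf '%s %s %s\n' "$(classify_log4j_version "$ver")" "$ver" "$jar"
    done
}

# Default path is an assumption (package installs of Elasticsearch); pass your own.
scan_log4j "${1:-${ES_HOME:-/usr/share/elasticsearch}}"
```

An `affected` line means only that the jar's version falls in the range above; the remedy for Elasticsearch itself comes from the vendor guidance.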

You can use the code security scanners and vulnerability scanners available in GitLab Ultimate to detect future vulnerabilities in Java (and other languages).
