01-06-2022 03:58 AM
Hi,
I am using Neo4j 4.3.9 Community. It has been updated to use log4j 2.16.0.
I would like to know if there is a date set for a release which upgrades log4j to 2.17.x?
I have seen the update on this page (Apache Log4j Security Vulnerability (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)), which says the following:
"We are working towards upgrading to the latest version of Log4j (2.17.0) and targeting to release within the priority-based remediation timeframes that are outlined in Neo4j vulnerability management policy."
...but I was wondering if there is a specific date set yet.
I am aware of the mitigations described etc.
Thanks a lot.
01-06-2022 08:48 AM
Please see Apache Log4j Security Vulnerability for our current update on said vulnerabilities.
01-07-2022 02:48 AM
Thanks for the reply. I was hoping to get a specific date for the release, but I guess that is not available yet.
01-11-2022 04:39 AM