At Indeni, as in many organizations, we took immediate actions following the details emerging around CVE-2021-44228. The Log4j vulnerability has come to be known as Log4Shell. Security researchers disclosed this vulnerability on Friday Dec 10, 2021. In situations like these, we quickly identify any risks to customers and thoroughly investigate any exposure we may have ourselves.
Indeni product is running version 1.12 which does not use a Log4j version vulnerable to CVE-2021-44228. You can find the locations of the log4j logback.xml configuration files below.
Here at Indeni, we take risk and vulnerability in open-source software very seriously. If you have additional questions related to the Log4j vulnerability, please do not hesitate to contact us.