Log4j latest security updates

geoghegk · January 6, 2022, 11:58am

Hi,
I am using Neo4J 4.3.9 Community. It has been updated to use log4j 2.16.0.
I would like to know if there is a date set for a release which upgrades log4j to 2.17.x?
I have seen the update on this page (Apache Log4j Security Vulnerability) Which says the following:

"We are working towards upgrading to the latest version of Log4j (2.17.0) and targeting to release within the priority-based remediation timeframes that are outlined in Neo4j vulnerability management policy."

...but I was wondering if there is a specific date set yet.

I am aware of the mitigations described etc.

Thanks a lot.

dana_canzano · January 6, 2022, 4:48pm

please see Apache Log4j Security Vulnerability for our current update on said vulnerabilities

geoghegk · January 7, 2022, 10:48am

Thanks for the reply. I was hoping to get a specific date for the release, but I guess that is not available yet.

dana_canzano · January 11, 2022, 12:39pm

@geoghegk

4.4: Neo4j 4.4.3 - Neo4j Graph Data Platform
4.3 Neo4j 4.3.10 - Neo4j Graph Data Platform

Topic		Replies	Views
How to fix neo4j log4j issues Operations security	3	1177	December 13, 2021
Impact of Log4j vulnerability CVE-2021-44832 Server	5	1009	January 6, 2022
Log4j Security in Neo4j docker image Docker docker	1	448	December 16, 2021
What version of log4j do I have? Desktop	8	345	February 18, 2022
Log4J CVE Mitigation for Neo4j Announcements security , sandbox , aura , cve	2	18149	December 18, 2021

Log4j latest security updates

Related topics