Security announcement: Log4j vulnerability (Log4Shell - CVE-2021-44228) and AtoM

Skip to first unread message

Dan Gillean

Dec 13, 2021, 5:21:30 PM12/13/21
to ICA-AtoM Users
Hello AtoM community, 

In case you haven't yet heard, there was a security vulnerability recently announced in Apache Log4j that has been causing a lot of global conversation. 

Because Elasticsearch uses Log4j for logging, and AtoM uses Elasticsearch as its search index, this issue does impact AtoM users

We have put together an FAQ with links and further information, including our recommendations for patching this issue locally. Please see: 
Please note that this is not the only way to patch the issue - it's simply the easiest and least disruptive method our team has found and tested for production installations.  

We will be continuing to monitor this situation, and should we discover any new information that supplements or contradicts our FAQ, I will post an update here when our wiki FAQ guide has been updated. 


Dan Gillean, MAS, MLIS
AtoM Program Manager
Artefactual Systems, Inc.
he / him
Reply all
Reply to author
0 new messages