Security announcement: Log4j vulnerability (Log4Shell - CVE-2021-44228) and AtoM

118 views

announcementscommunityelasticsearchsecurity

Skip to first unread message

Dan Gillean

unread,

Dec 13, 2021, 5:21:30 PM12/13/21

to ICA-AtoM Users

Hello AtoM community,

In case you haven't yet heard, there was a security vulnerability recently announced in Apache Log4j that has been causing a lot of global conversation.

Because Elasticsearch uses Log4j for logging, and AtoM uses Elasticsearch as its search index, this issue does impact AtoM users.

We have put together an FAQ with links and further information, including our recommendations for patching this issue locally. Please see:

https://wiki.accesstomemory.org/Development/Security/Log4j-2021-12#Atom

Please note that this is not the only way to patch the issue - it's simply the easiest and least disruptive method our team has found and tested for production installations.

We will be continuing to monitor this situation, and should we discover any new information that supplements or contradicts our FAQ, I will post an update here when our wiki FAQ guide has been updated.

Cheers,

Dan Gillean, MAS, MLIS
AtoM Program Manager
Artefactual Systems, Inc.
604-527-2056

@accesstomemory

he / him

Reply all

Reply to author

Forward

0 new messages