Rancher Security Statement on log4j Vulnerability

CVE-2021-44228 - Log4j vulnerability

SUSE Rancher is not affected by the Log4j vulnerability, also known as Log4Shell (CVE-2021-44228).

The Helm chart for Istio v1.5, which is provided by Rancher and has been deprecated since Rancher v2.5.0, includes Zipkin and is vulnerable to the Log4j vulnerability. There is already a warning inside the UI that this chart is end of life.

Customers are advised to upgrade to the recent Istio versions provided inside Cluster Explorer, which do not use Zipkin and are not affected by the vulnerability.

More information about CVE-2021-44228 is available in the SUSE Security Portal.
