Rancher Security Statement on log4j Vulnerability

cbron · December 14, 2021, 10:30pm

CVE-2021-44228 - Log4j vulnerability

SUSE Rancher is not affected by the Log4j vulnerability, also know as Log4Shell - CVE-2021-44228.

The Helm chart for Istio v1.5, provided by Rancher and which is currently deprecated since Rancher v2.5.0, includes Zipkin and is vulnerable to Log4j. There is already a warning inside the UI that this chart is end of life.

Customers are advised to upgrade to the recent Istio versions provided inside Cluster Explorer, which do not use Zipkin and are not affected by the vulnerability.

More information about CVE-2021-44228 is available in SUSE Security Portal.

Topic		Replies	Views
Rancher Release - v2.2.4 - Addresses Rancher CVE-2019-12274 and CVE-2019-12303 Announcements	5	6302	June 5, 2019
Rancher Security Announcement [CVE-2018-20321 and CVE-2019-6287] Announcements	1	1204	January 29, 2019
Rancher Release v2.4.5 - Addresses Helm, Grafana and Istio Security Announcements Announcements	0	1992	June 20, 2020
Rancher Release v2.7.4 Announcements	1	1622	June 1, 2023
Rancher Release v2.4.14 - Addresses CVE-2021-25313 Announcements	1	1006	March 4, 2021

Rancher Security Statement on log4j Vulnerability

CVE-2021-44228 - Log4j vulnerability

Related Topics