New York, 12/17/2021
The Apache foundation has released additional notifications under CVE-2021-45105 about further issues with the Apache Log4j2 logging tool. This new notification indicates that the the facility does not always protect from infinite recursion in lookup evaluation.
Apache has already released Log4j 2.17.0 to address the issue, and this remediation will be applied in accordance with applicable patch management processes in order to avoid any potential exploit. Currently, we have not found widespread usage of Log4j across the majority of client environments, nor has the Log4J components been found to be in use throughout GNS' internal networks.
GNS will continue to operate in a state of active monitoring and readiness to respond to any such threats. Our top priority is to work closely with our clientele to preserve the security and protection of their information.
This press release was published on 12.17.2021. For more information, please contact compliance@gnetsys.net.