ActiveState’s Official Statement on the Java Log4j Vulnerability

Java Log4j Vulnerability
Updated at 1:30 pm (PST) on December 15, 2021

ActiveState has completed a comprehensive audit of its systems including the web platform, APIs, and the command-line tool, and has reasonably established that ActiveState is not impacted by the Apache Log4j vulnerabilities identified as CVE-2021-44228 and CVE-2021-45046.

ActiveState has very little Java in its applications, with only two open source components that utilize Log4j, and our internal audits have reasonably established that they are not affected. Furthermore, the builds that our platform produces, which thousands of users rely heavily on, on a daily basis, are also not vulnerable to this issue. There is no remediation required for any ActiveState products at this time. 

ActiveState is continuously monitoring the situation and will publish further updates as this situation unfolds.

If you have any questions or concerns please do not hesitate to reach out to us at support@activestate.com.

Recent Posts

Tech Debt Best Practices: Minimizing Opportunity Cost & Security Risk

Tech debt is an unavoidable consequence of modern application development, leading to security and performance concerns as older open-source codebases become more vulnerable and outdated. Unfortunately, the opportunity cost of an upgrade often means organizations are left to manage growing risk the best they can. But it doesn’t have to be this way.

Read More
Scroll to Top