Published: December 13, 2021Last Updated: December 15, 2021

ActiveState’s Official Statement on the Java Log4j Vulnerability

Updated at 1:30 pm (PST) on December 15, 2021

ActiveState has completed a comprehensive audit of its systems including the web platform, APIs, and the command-line tool, and has reasonably established that ActiveState is not impacted by the Apache Log4j vulnerabilities identified as CVE-2021-44228 and CVE-2021-45046.

ActiveState has very little Java in its applications, with only two open source components that utilize Log4j, and our internal audits have reasonably established that they are not affected. Furthermore, the builds that our platform produces, which thousands of users rely heavily on, on a daily basis, are also not vulnerable to this issue. There is no remediation required for any ActiveState products at this time. 

ActiveState is continuously monitoring the situation and will publish further updates as this situation unfolds.

If you have any questions or concerns please do not hesitate to reach out to us at support@activestate.com.

Suhani S