Portainer statement re Log4J CVE-2021-44228

by Neil Cresswell, on December 14, 2021

You will no doubt be aware of the recent Log4j RCE 0-day vulnerability being actively exploited in systems and services that use the Java logging library, Apache Log4j between versions 2.0 and 2.14.1 (CVE-2021-44228).

This message is to advise you we have actively checked our code and dependencies, and can confirm we have no exposure to log4j vulnerability in any element of Portainer nor our software supply chain. Portainer does not use the Java language in our development, and so are not vulnerable to this CVE.

We will continue to monitor the situation but wanted to let you know that Portainer is safe and sound.

Please feel free to get in touch if you have any concerns or further questions.


See for yourself with a live online Portainer Business demo

Let us introduce you to a world of fast and easy app deployment, governance, and management in Docker/Swarm and Kubernetes. Schedule a demo with our tech team and see how Portainer's container service delivery platform can make everyone's life easier.