You will no doubt be aware of the recent Log4j RCE 0-day vulnerability being actively exploited in systems and services that use the Java logging library, Apache Log4j between versions 2.0 and 2.14.1 (CVE-2021-44228).
This message is to advise you we have actively checked our code and dependencies, and can confirm we have no exposure to log4j vulnerability in any element of Portainer nor our software supply chain. Portainer does not use the Java language in our development, and so are not vulnerable to this CVE.
We will continue to monitor the situation but wanted to let you know that Portainer is safe and sound.
Please feel free to get in touch if you have any concerns or further questions.
COMMENTS