Portainer statement re Log4j CVE-2021-44228

by Neil Cresswell, on December 14, 2021

You will no doubt be aware of the recent Log4j RCE 0-day vulnerability being actively exploited in systems and services that use the Java logging library Apache Log4j, between versions 2.0 and 2.14.1 (CVE-2021-44228).

This message is to advise you that we have actively checked our code and dependencies, and can confirm we have no exposure to the Log4j vulnerability in any element of Portainer or our software supply chain. Portainer does not use the Java language in our development, and so is not vulnerable to this CVE.

We will continue to monitor the situation but wanted to let you know that Portainer is safe and sound.

Please feel free to get in touch if you have any concerns or further questions.

