Metric Insights not affected by log4j vulnerability CVE-2021-44228
In light of the recent zero-day Remote Code Execution vulnerability with the Apache log4j library (published on Friday, December 10th), we wanted to update you on where Metric Insights stands:
The Metric Insights application is currently safe.
We use an older version of the library, log4j v1.2.17, which remains unaffected. More specifically, we use the log4j library to turn off logging for those integrations that have a log4j requirement. We instead use the logback module for logging and this is limited to our Dataprocessor service only, inside the Metric Insights application. The service is not exposed through the UI.
For any questions or concerns, please reach out to Metric Insights Support: [email protected]