Security issue: Apache Log4j 2 RCE vulnerability

Any news on the Apache Log4j 2 aka CVE-2021-44228 issue? Is Kubernetes affected?

No…kubernetes is written in go.

I found details in the Kubernetes slack announcement channel:

Those announcements were posted on September 15th (the first two) and October 21st (the third) and they’re about different, unrelated vulnerabilities with different CVE numbers.

@charlieok Thanks for that, totally missed that the dates didn’t match up. :frowning:

1 Like


We have same question is kubernetes is impacted by Log4J, any necessary action needs to be taken, further more how to identify which version of Log4J is running? if this is the impacted version or not.

Kindly assist. thank you very much