openITCOCKPIT and Log4j - CVE-2021-44228

Is openITCOCKPIT affected by CVE-2021-44228?

No. openITCOCKPIT is not affected by the critical Log4j security vulnerability CVE-2021-44228. openITCOCKPIT itself is written in PHP and is not using or depending on any Java code.

Are any used components affected?

No. None of the backend components used by openITCOCKPIT is affected by CVE-2021-44228.

What about custom checks?

If you have installed any additional software on your openITCOCKPIT server like custom check plugins, you have to check these plugins by yourself. Even if it is very unlikely that a check plugin is implemented in Java, you should check your manually install plugins to be sure.

Why this post?

Many admins are concerned these days which software is using Log4j under the hood. We just want to inform you that openITCOCKPIT and all it used components are not affected and that no action is required.

Your openITCOCKPIT Team