WSO2’s Action Response: Log4j2 Zero-Day Vulnerability (CVE-2021-44228)

As you may be aware, the Log4j2 zero-day vulnerability (CVE-2021-44228) is affecting many Java-based applications and some WSO2 products are also affected. The WSO2 team has already shared immediate risk mitigation steps for WSO2 products here.

We have released patches to upgrade WSO2 products to the Log4j2 version 2.17.0 (apache-log4j-2.17.0) and we are currently working on upgrading the versions to 2.17.1 (apache-log4j-2.17.1). If you are a WSO2 subscription customer, you will receive details about the patch release over the WSO2 Support Portal. If you are not a WSO2 customer who is affected by this security incident, please reach us through the Contact Us form for further assistance.