tagtog response to CVE-2021-44228

tagtog, Dec 22, 2021

By Dr. Juan Miguel Cejuela

Last update: 2021-12-19

We have evaluated, with high priority, how the worldwide CVE-2021-44228 vulnerability (“Log4jShell”) affects the tagtog software. Our response follows.

In short:

As of today’s status, the tagtog software is not affected by the Log4jShell vulnerability.

More info:

As you might know, tagtog OnPremises is based on multiple services, packaged and run as docker containers.

The tagtog software uses 9 docker images:

> 8 of our tagtog docker images either package no log4j library at all or use a non-affected log4j version. That includes our main docker image, the webapp.

> 1 docker image (“tagtog_index”) packages a susceptible log4j library version. However, the functional scope of this docker image is minimal. Most importantly, no user information or user input is logged there. Thus, there is no possible vulnerability. Moreover, as of today’s status, tagtog is not affected by CVE-2021-45046 either.

Our measures:

As described, tagtog is not affected by the Log4jShell vulnerability. Regardless of that, tagtog is committed to security. To be extra cautious, we promptly released a new tagtog version (2021-12-19), which adds the JVM parameter `-Dlog4j2.formatMsgNoLookups=true` by default to the aforementioned “tagtog_index” image.
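The per-image review described above can be reproduced on any container fleet. The following is an added example, not tagtog's own tooling: it assumes each image's file list and JVM arguments have already been exported, and it applies the version facts from Apache's advisory (CVE-2021-44228 affects log4j-core 2.0-beta9 through 2.14.1 except the backported fix releases, and the `formatMsgNoLookups` property is only read from 2.10 onward). The image names, paths and versions in `SAMPLE` are constructed.

```python
import re

FLAG = "-Dlog4j2.formatMsgNoLookups=true"   # the JVM parameter named on the page
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(-[A-Za-z0-9.]+)?\.jar$")
# Releases below 2.15.0 that received the CVE-2021-44228 fix as backports.
BACKPORTED = {(2, 3, 1), (2, 3, 2), (2, 12, 2), (2, 12, 3), (2, 12, 4)}


def classify(jar_path, jvm_args):
    """Return a CVE-2021-44228 status for one file path; jvm_args is a list of tokens."""
    m = JAR_RE.search(jar_path)
    if not m:
        return "not-log4j-core"
    if m.group(4):                       # pre-release such as 2.0-beta9
        return "review-manually"
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    if version >= (2, 15, 0) or version in BACKPORTED:
        return "fixed-release"           # fixed with respect to CVE-2021-44228 only
    if FLAG in jvm_args and version >= (2, 10, 0):
        return "susceptible-version-flag-set"
    if FLAG in jvm_args:
        return "susceptible-version-flag-ignored"   # property exists only from 2.10
    return "susceptible-version-no-flag"


def audit(inventory):
    """inventory maps image name -> (list of file paths, JVM argument string)."""
    report = {}
    for image, (paths, jvm_arg_string) in inventory.items():
        args = jvm_arg_string.split()
        hits = {p: classify(p, args) for p in paths}
        hits = {p: s for p, s in hits.items() if s != "not-log4j-core"}
        report[image] = hits or "no-log4j-core"
    return report


# Constructed sample: image names, paths and versions are made up for illustration.
SAMPLE = {
    "example_webapp": (["/app/lib/logback-classic-1.2.3.jar"], "-Xmx2g"),
    "example_index": (["/opt/idx/lib/log4j-core-2.11.1.jar"], "-Xmx1g " + FLAG),
    "example_old": (["/srv/lib/log4j-core-2.8.2.jar"], FLAG),
    "example_new": (["/srv/lib/log4j-core-2.17.0.jar"], ""),
}

if __name__ == "__main__":
    for image, result in audit(SAMPLE).items():
        print(image, result)
```

The check matches jars by file name only, so log4j-core classes repackaged inside a fat jar need a separate scan of the archive contents.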

If you are a tagtog OnPremises client, 👉 you can now update your tagtog version.

We appreciate that our teams support each other in realizing high-security standards.

The tagtog team and I are gladly at your disposal for any further questions and information.
