Updates and actions to address Log4j CVE-2021-44228 and CVE-2021-45046 in GitLab
December 15, 2021

Actions we’ve taken to investigate and mitigate the impact of Log4j, and actions our users can take.

Updated 6:00 PM UTC January 25, 2022

As of January 22, 2022, we have updated the GitLab dependency scanning and SAST analyzers to use the latest version of log4j, 2.17.1. Additionally, we have removed log4j as a dependency from our license scanning analyzer. At this point, we believe that all impacted GitLab components have been updated to the newest log4j version. Our teams continue to monitor and investigate this issue to ensure that our products and customers are secure.
