[Kea-users] Kea not vulnerable to Log4j
Victoria Risk
vicky at isc.org
Tue Dec 21 15:00:27 UTC 2021
Kea-users,
The Kea code from ISC does not contain any Java and does not link to Log4J. However, Stork users might be interested to know that the Swagger API generator does use Log4J in a test function. Normal usage of Stork does not expose the deployment to this vulnerability.
In an unrelated note, Grafana, also used by Stork for data visualization, has a recent 0-day vulnerability. (https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p) Stork bundles Grafana in the included Stork demo, which should not be used in production. In any case, Stork users who are also using Grafana should follow Grafana for vulnerability updates.
Regards,
Vicky Risk,
Product Manager
More information about the Kea-users
mailing list