As you are an Akeneo SaaS user, we have good news for you. Serenity/GrowthEdition/SharedCatalogs are NOT impacted by the Apache Log4j Java critical security vulnerability that was disclosed on Friday, December the 10th 2021, thanks to our ability to continuously upgrade and maintain our services. No action is needed from you and your Akeneo instance remains secure.
You may have heard about a global critical vulnerability disclosed Friday, December the 10th 2021, which has the potential to affect a lot of online services and companies. This vulnerability comes from a Java logging library. Just after the publication of this vulnerability (CVE-2021-44228, or Log4shell), we closely examined any related impacts to Akeneo, assessed our exposure, and came to the following statement:
- As PHP applications, our main software is not impacted;
- We use Elasticsearch (from Elastic) as a technical component
We have concluded that there is no security vulnerability for you, as a SaaS customer.