{"id":12586,"date":"2021-12-13T16:20:51","date_gmt":"2021-12-14T00:20:51","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=12586"},"modified":"2025-06-13T21:33:22","modified_gmt":"2025-06-14T04:33:22","slug":"what-to-know-about-the-log4j-vulnerability-cve-2021-44228","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/","title":{"rendered":"What to Know About the Log4j Vulnerability CVE-2021-44228"},"content":{"rendered":"<p><span style=\"font-weight: 400\">A critical zero-day exploit, known as Log4Shell, affecting the <\/span><a href=\"https:\/\/logging.apache.org\/log4j\/2.x\/security.html\"><span style=\"font-weight: 400\">Apache Log4j utility<\/span><\/a><span style=\"font-weight: 400\"> (<\/span><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-44228\"><span style=\"font-weight: 400\">CVE-2021-44228<\/span><\/a><span style=\"font-weight: 400\">) was made public on December 9, 2021. As soon as Couchbase became aware of this issue, we investigated it immediately within our product and security teams, and took actions to protect our customers.<\/span><\/p>\n<p><span style=\"font-weight: 400\">There are two Couchbase products which are currently affected by this issue.\u00a0<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Couchbase Server Enterprise Edition, when running the Couchbase Analytics service, versions 6.0.0 through 6.6.3 and versions 7.0.0 through 7.0.2.<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Couchbase Elasticsearch Connector, versions prior to 4.2.13 and 4.3.3.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">The Couchbase Server Community Edition is not impacted by this vulnerability, as this product does not contain the Couchbase Analytics service.<\/span><\/p>\n<p><span style=\"font-weight: 400\">The Couchbase Database-as-a-Service, Couchbase Capella, has temporarily disabled the ability to deploy the Analytics Service. Additionally, clusters running the Analytics Service have been secured with an updated security patch.<\/span><\/p>\n<p><span style=\"font-weight: 400\">We are not aware of any other Couchbase products that are affected by the CVE-2021-44228 issue.\u00a0 <\/span><span style=\"font-weight: 400\">We also note that we are not aware of any Couchbase products affected by the additional Log4J <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2021-45046\">CVE-2021-45046,<\/a>\u00a0<a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2021-45105\">CVE-2021-45105<\/a> and <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2021-44832\">CVE-2021-44832<\/a> security issues.<\/span><\/p>\n<p><span style=\"font-weight: 400\">As our internal investigation progresses, we may update this post with any additional relevant information as needed.\u00a0 We encourage Couchbase Enterprise subscribers to review our published <\/span><a href=\"https:\/\/support.couchbase.com\/hc\/en-us\/articles\/4412566243739-CVE-2021-44228-Log4j-RCE-vulnerability\"><span style=\"font-weight: 400\">Knowledge Base Article<\/span><\/a><span style=\"font-weight: 400\"> (login required) for the most up-to-date information.<\/span><\/p>\n<h4><span style=\"font-weight: 400\">Couchbase Server:<\/span><\/h4>\n<p><span style=\"font-weight: 400\">Couchbase Server version 6.6.4 and Couchbase Server version 7.0.3 with a software update which resolves this vulnerability have been made available today, the 14th of December 2021.<\/span><\/p>\n<p><span style=\"font-weight: 400\">We encourage all customers who utilize the Couchbase Analytics service to upgrade their clusters immediately.\u00a0 Please visit our download page at <\/span><a href=\"https:\/\/couchbase.com\/downloads\/\"><span style=\"font-weight: 400\">https:\/\/couchbase.com\/downloads<\/span><\/a><span style=\"font-weight: 400\"> to download these new versions. Couchbase Server clusters running the Analytics Service which are managed by the Couchbase Autonomous Operator are also affected and should upgrade to Couchbase Server 6.6.4 or 7.0.3 as appropriate, as soon as possible.<br \/>\n<\/span><\/p>\n<p><span style=\"font-weight: 400\">Until customers upgrade to the fixed versions of Couchbase Server, please use the following workaround to mitigate the risk of this vulnerability:\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">This command removes the <\/span><em><span style=\"font-weight: 400\">JndiLookup<\/span><\/em><span style=\"font-weight: 400\"> class from any version of the log4j jar files and protects against this exploit:<\/span><\/p>\n<p><em><span style=\"font-weight: 400\">$ find \/opt\/couchbase\/lib\/cbas\/repo -name &#8216;log4j-core*.jar&#8217; -type f<\/span> <span style=\"font-weight: 400\">\u00a0| xargs -I{} sh -c &#8216;echo patching {}; zip -q -d {} org\/apache\/logging\/log4j\/core\/lookup\/JndiLookup.class&#8217;<\/span><\/em><\/p>\n<p><span style=\"font-weight: 400\">To validate that the JndiLookup class is not present and that the removal command was executed correctly, you can run the following command:<\/span><\/p>\n<p><em><span style=\"font-weight: 400\">$ find \/opt\/couchbase\/lib\/cbas\/repo -name &#8216;log4j-core*.jar&#8217; -type f\u00a0 | xargs -I{} unzip -l {} &#8216;*JndiLookup.class&#8217;<\/span><\/em><\/p>\n<p><em><span style=\"font-weight: 400\">Archive:\u00a0 \/opt\/couchbase\/lib\/cbas\/repo\/log4j-core-2.14.1.jar<\/span><\/em><\/p>\n<p><em><span style=\"font-weight: 400\">\u00a0\u00a0Length\u00a0 \u00a0 \u00a0 Date\u00a0 \u00a0 Time\u00a0 \u00a0 Name<\/span><\/em><\/p>\n<p><em><span style=\"font-weight: 400\">&#8212;&#8212;&#8212;\u00a0 &#8212;&#8212;&#8212;- &#8212;&#8211; \u00a0 &#8212;-<\/span><\/em><\/p>\n<p><em><span style=\"font-weight: 400\">&#8212;&#8212;&#8212; \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 &#8212;&#8212;-<\/span><\/em><\/p>\n<p><em><span style=\"font-weight: 400\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a00 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 0 files<\/span><\/em><\/p>\n<p><span style=\"font-weight: 400\">After applying the removal command to each analytics node, the <\/span><a href=\"https:\/\/docs.couchbase.com\/server\/current\/analytics\/rest-admin.html#cluster-restart\"><span style=\"font-weight: 400\">Cluster Restart API<\/span><\/a><span style=\"font-weight: 400\"> should be used to trigger the restart of all Analytics nodes.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Enterprise subscribers are also encouraged to review our published <\/span><a href=\"https:\/\/support.couchbase.com\/hc\/en-us\/articles\/4412566243739-CVE-2021-44228-Log4j-RCE-vulnerability\"><span style=\"font-weight: 400\">Knowledge Base Article<\/span><\/a><span style=\"font-weight: 400\"> for additional information on this workaround.<\/span><\/p>\n<h4><span style=\"font-weight: 400\">Couchbase Server when Managed by Couchbase Autonomous Operator:<\/span><\/h4>\n<p><span style=\"font-weight: 400\">Until a container version is released with an update for Couchbase Server, in a container environment the workaround above may be employed with a different set of steps.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Copy the specific jar file out from the node to a local system, and apply the general workaround.\u00a0 On Red Hat OpenShift, the commands are similar.\u00a0 For example:<\/span><\/p>\n<p><em><span style=\"font-weight: 400\">$ kubectl cp <\/span><\/em><\/p>\n<p><em><span style=\"font-weight: 400\">cb-example-0000:\/opt\/couchbase\/lib\/cbas\/repo\/jars\/log4j-core-2.14.1.jar \/tmp\/log4j-core-2.14.1.jar<\/span><\/em><\/p>\n<p><em><span style=\"font-weight: 400\">$ unzip -l \/tmp\/log4j-core-2.14.1.jar | grep -i JndiL<\/span><\/em><\/p>\n<p><em><span style=\"font-weight: 400\">\u00a0\u00a02937\u00a0 03-06-2021 22:12 \u00a0 org\/apache\/logging\/log4j\/core\/lookup\/JndiLookup.class<\/span><\/em><\/p>\n<p><em><span style=\"font-weight: 400\">$ zip -q -d \/tmp\/log4j-core-2.14.1.jar org\/apache\/logging\/log4j\/core\/lookup\/JndiLookup.class .<\/span><\/em><\/p>\n<p><em><span style=\"font-weight: 400\">$ unzip -l \/tmp\/log4j-core-2.14.1.jar | grep -i JndiL | wc -l<\/span><\/em><\/p>\n<p><em><span style=\"font-weight: 400\">\u00a0\u00a00<\/span><\/em><\/p>\n<p><span style=\"font-weight: 400\">Then copy the modified JAR file back into the pod.\u00a0 For example:<\/span><\/p>\n<p><em><span style=\"font-weight: 400\">$ kubectl cp \/tmp\/log4j-core-2.14.1.jar\u00a0 cb-example-0000:\/opt\/couchbase\/lib\/cbas\/repo\/jars\/log4j-core-2.14.1.jar<\/span><\/em><\/p>\n<p><span style=\"font-weight: 400\">And finally, restart the Couchbase Server related Analytics processes using the <\/span><a href=\"https:\/\/docs.couchbase.com\/server\/current\/analytics\/rest-admin.html#cluster-restart\"><span style=\"font-weight: 400\">Cluster Restart API<\/span><\/a><span style=\"font-weight: 400\"> noted above.\u00a0 Any new pods created through configuration changes to the CouchbaseCluster resource or any pods recreated in the course of normal operations will need to have the mitigation reapplied.<\/span><\/p>\n<h4><span style=\"font-weight: 400\">Couchbase Elasticsearch Connector:<\/span><\/h4>\n<p><span style=\"font-weight: 400\">We encourage all customers to upgrade to the latest versions of the Couchbase Elasticsearch Connector, which is provided with a fix for this issue.\u00a0 Versions 4.2.13 and 4.3.3 are available now. The <\/span><a href=\"https:\/\/docs.couchbase.com\/elasticsearch-connector\/current\/release-notes.html\"><span style=\"font-weight: 400\">release notes<\/span><\/a><span style=\"font-weight: 400\"> provide additional details and download links. In the case that you want to mitigate in place, the <\/span><a href=\"https:\/\/support.couchbase.com\/hc\/en-us\/articles\/4412566243739-CVE-2021-44228-Log4j-RCE-vulnerability\"><span style=\"font-weight: 400\">Knowledge Base Article<\/span><\/a><span style=\"font-weight: 400\"> describes how to update the JAR file in place.<\/span><\/p>\n<p><span style=\"font-weight: 400\">If you have any questions, please visit the <\/span><a href=\"https:\/\/www.couchbase.com\/forums\/\"><span style=\"font-weight: 400\">Couchbase Community Forums<\/span><\/a><span style=\"font-weight: 400\">. If you are a Couchbase Enterprise customer and have additional questions, please open a <\/span><a href=\"https:\/\/support.couchbase.com\/\"><span style=\"font-weight: 400\">support case<\/span><\/a><span style=\"font-weight: 400\">.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A critical zero-day exploit, known as Log4Shell, affecting the Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021. As soon as Couchbase became aware of this issue, we investigated it immediately within our product and security teams, and [&hellip;]<\/p>\n","protected":false},"author":1864,"featured_media":12588,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[2242,2294,9284,1816,1813,2389],"tags":[],"ppma_author":[8928],"class_list":["post-12586","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-connectors","category-analytics","category-couchbase-autonomous-operator","category-couchbase-server","category-security","category-solutions"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.7.1 (Yoast SEO v25.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What to Know About the Log4j Vulnerability CVE-2021-44228 - The Couchbase Blog<\/title>\n<meta name=\"description\" content=\"In this blog post we go over what to know about the Log4j Vulnerability CVE-2021-44228\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What to Know About the Log4j Vulnerability CVE-2021-44228\" \/>\n<meta property=\"og:description\" content=\"In this blog post we go over what to know about the Log4j Vulnerability CVE-2021-44228\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-14T00:20:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-14T04:33:22+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/12\/pexels-photo-775907.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"2250\" \/>\n\t<meta property=\"og:image:height\" content=\"1500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ian McCloy, Director Product Management\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ian McCloy, Director Product Management\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/\"},\"author\":{\"name\":\"Ian McCloy, Director Product Management, Couchbase\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/7e8c834bce5128ad6cd764cd1c4cea19\"},\"headline\":\"What to Know About the Log4j Vulnerability CVE-2021-44228\",\"datePublished\":\"2021-12-14T00:20:51+00:00\",\"dateModified\":\"2025-06-14T04:33:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/\"},\"wordCount\":773,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/12\/pexels-photo-775907.jpeg\",\"articleSection\":[\"Connectors\",\"Couchbase Analytics\",\"Couchbase Autonomous Operator\",\"Couchbase Server\",\"Security\",\"Solutions\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/\",\"name\":\"What to Know About the Log4j Vulnerability CVE-2021-44228 - The Couchbase Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/12\/pexels-photo-775907.jpeg\",\"datePublished\":\"2021-12-14T00:20:51+00:00\",\"dateModified\":\"2025-06-14T04:33:22+00:00\",\"description\":\"In this blog post we go over what to know about the Log4j Vulnerability CVE-2021-44228\",\"breadcrumb\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/#primaryimage\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/12\/pexels-photo-775907.jpeg\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/12\/pexels-photo-775907.jpeg\",\"width\":2250,\"height\":1500},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.couchbase.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What to Know About the Log4j Vulnerability CVE-2021-44228\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL Database\",\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/7e8c834bce5128ad6cd764cd1c4cea19\",\"name\":\"Ian McCloy, Director Product Management, Couchbase\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/97dd714a3242521ce9dcea0d96550c5f\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g\",\"caption\":\"Ian McCloy, Director Product Management, Couchbase\"},\"description\":\"Ian McCloy is the Director of the Platform and Security Product Management Group for Couchbase and lives in the United Kingdom. His dedicated team is responsible for the Reliability, Availability, Serviceability and Security architecture of Couchbase Server and the SaaS Database, Capella. This team also own cloud-native platforms like the Couchbase Kubernetes Autonomous Operator. Ian has a vast range of experience as a Software Engineer, Technical Support Engineer, Quality Assurance Engineer and Systems Administrator. Ian has led global technical teams for the majority of his 20 year professional career and holds several patents in the areas of information security, virtualisation and hardware design. https:\/\/www.linkedin.com\/in\/ianmccloy\/\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/ianmccloy\/\"],\"url\":\"https:\/\/www.couchbase.com\/blog\/author\/ian-mccloycouchbase-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"What to Know About the Log4j Vulnerability CVE-2021-44228 - The Couchbase Blog","description":"In this blog post we go over what to know about the Log4j Vulnerability CVE-2021-44228","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/","og_locale":"en_US","og_type":"article","og_title":"What to Know About the Log4j Vulnerability CVE-2021-44228","og_description":"In this blog post we go over what to know about the Log4j Vulnerability CVE-2021-44228","og_url":"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/","og_site_name":"The Couchbase Blog","article_published_time":"2021-12-14T00:20:51+00:00","article_modified_time":"2025-06-14T04:33:22+00:00","og_image":[{"width":2250,"height":1500,"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/12\/pexels-photo-775907.jpeg","type":"image\/jpeg"}],"author":"Ian McCloy, Director Product Management","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Ian McCloy, Director Product Management","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/#article","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/"},"author":{"name":"Ian McCloy, Director Product Management, Couchbase","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/7e8c834bce5128ad6cd764cd1c4cea19"},"headline":"What to Know About the Log4j Vulnerability CVE-2021-44228","datePublished":"2021-12-14T00:20:51+00:00","dateModified":"2025-06-14T04:33:22+00:00","mainEntityOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/"},"wordCount":773,"commentCount":0,"publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/12\/pexels-photo-775907.jpeg","articleSection":["Connectors","Couchbase Analytics","Couchbase Autonomous Operator","Couchbase Server","Security","Solutions"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/","url":"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/","name":"What to Know About the Log4j Vulnerability CVE-2021-44228 - The Couchbase Blog","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/#primaryimage"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/12\/pexels-photo-775907.jpeg","datePublished":"2021-12-14T00:20:51+00:00","dateModified":"2025-06-14T04:33:22+00:00","description":"In this blog post we go over what to know about the Log4j Vulnerability CVE-2021-44228","breadcrumb":{"@id":"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/#primaryimage","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/12\/pexels-photo-775907.jpeg","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/12\/pexels-photo-775907.jpeg","width":2250,"height":1500},{"@type":"BreadcrumbList","@id":"https:\/\/www.couchbase.com\/blog\/what-to-know-about-the-log4j-vulnerability-cve-2021-44228\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.couchbase.com\/blog\/"},{"@type":"ListItem","position":2,"name":"What to Know About the Log4j Vulnerability CVE-2021-44228"}]},{"@type":"WebSite","@id":"https:\/\/www.couchbase.com\/blog\/#website","url":"https:\/\/www.couchbase.com\/blog\/","name":"The Couchbase Blog","description":"Couchbase, the NoSQL Database","publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.couchbase.com\/blog\/#organization","name":"The Couchbase Blog","url":"https:\/\/www.couchbase.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","width":218,"height":34,"caption":"The Couchbase Blog"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/7e8c834bce5128ad6cd764cd1c4cea19","name":"Ian McCloy, Director Product Management, Couchbase","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/97dd714a3242521ce9dcea0d96550c5f","url":"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g","caption":"Ian McCloy, Director Product Management, Couchbase"},"description":"Ian McCloy is the Director of the Platform and Security Product Management Group for Couchbase and lives in the United Kingdom. His dedicated team is responsible for the Reliability, Availability, Serviceability and Security architecture of Couchbase Server and the SaaS Database, Capella. This team also own cloud-native platforms like the Couchbase Kubernetes Autonomous Operator. Ian has a vast range of experience as a Software Engineer, Technical Support Engineer, Quality Assurance Engineer and Systems Administrator. Ian has led global technical teams for the majority of his 20 year professional career and holds several patents in the areas of information security, virtualisation and hardware design. https:\/\/www.linkedin.com\/in\/ianmccloy\/","sameAs":["https:\/\/www.linkedin.com\/in\/ianmccloy\/"],"url":"https:\/\/www.couchbase.com\/blog\/author\/ian-mccloycouchbase-com\/"}]}},"authors":[{"term_id":8928,"user_id":1864,"is_guest":0,"slug":"ian-mccloycouchbase-com","display_name":"Ian McCloy, Director Product Management","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g","author_category":"","last_name":"McCloy, Director Product Management","first_name":"Ian","job_title":"","user_url":"","description":"Ian McCloy is the Director of the Platform and Security Product Management Group for Couchbase and lives in the United Kingdom.  His dedicated team is responsible for the Reliability, Availability, Serviceability and Security architecture of Couchbase Server and the SaaS Database, Capella.  This team also own cloud-native platforms like the Couchbase Kubernetes Autonomous Operator.  Ian has a vast range of experience as a Software Engineer, Technical Support Engineer, Quality Assurance Engineer and Systems Administrator. Ian has led global technical teams for the majority of his 20 year professional career and holds several patents in the areas of information security, virtualisation and hardware design. https:\/\/www.linkedin.com\/in\/ianmccloy\/"}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/12586","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/users\/1864"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/comments?post=12586"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/12586\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media\/12588"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media?parent=12586"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/categories?post=12586"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/tags?post=12586"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=12586"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}