{"id":6008,"date":"2021-12-12T15:24:17","date_gmt":"2021-12-12T13:24:17","guid":{"rendered":"https:\/\/www.almtoolbox.com\/blog\/?p=6008"},"modified":"2021-12-13T14:33:58","modified_gmt":"2021-12-13T12:33:58","slug":"gitlab-log4j-vulnerability","status":"publish","type":"post","link":"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/","title":{"rendered":"GitLab and Log4J Vulnerability"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-6009\" src=\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2021\/12\/gitlab-security-cover-new.png\" alt=\"gitlab log4j security\" width=\"685\" height=\"161\" srcset=\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2021\/12\/gitlab-security-cover-new.png 3840w, https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2021\/12\/gitlab-security-cover-new-300x70.png 300w, https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2021\/12\/gitlab-security-cover-new-1024x240.png 1024w, https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2021\/12\/gitlab-security-cover-new-150x35.png 150w, https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2021\/12\/gitlab-security-cover-new-768x180.png 768w, https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2021\/12\/gitlab-security-cover-new-1536x360.png 1536w, https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/2021\/12\/gitlab-security-cover-new-2048x480.png 2048w\" sizes=\"auto, (max-width: 685px) 100vw, 685px\" \/><\/p>\n<p>Concerning the reported Log4J vulnerability (CVE-2021-44228),<br \/>\nyou should know that GitLab does not use <strong>Log4j<\/strong> or <strong>Log4j2<\/strong> packages.<\/p>\n<p>GitLab was written using Ruby, JS and Go so it uses different log libraries.<\/p>\n<p>If you use <em>GitLab Advanced Search<\/em> or <em>Code Search<\/em> features (available in paid editions, including Premium, Ultimate and Starter)<br \/>\nyou should know it runs Elastic (ElasticSearch) behind the 
scenes, so you should check <a href=\"https:\/\/www.elastic.co\/blog\/detecting-log4j2-with-elastic-security\" target=\"_blank\" rel=\"noopener\">here<\/a> for installed versions and a remedy.<\/p>\n<p>You may use code security scanners and vulnerability scanners available in GitLab Ultimate for detecting future vulnerabilities in Java (and other languages).<\/p>\n<h3>Related links:<\/h3>\n<ul>\n<li>Our <a href=\"https:\/\/www.almtoolbox.com\/gitlab\" target=\"_blank\" rel=\"noopener\">GitLab webpage<\/a><\/li>\n<li>About <a href=\"https:\/\/www.almtoolbox.com\/blog\/code-security-compliance-gitlab\/\" target=\"_blank\" rel=\"noopener\">code security scanners in GitLab<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Concerning the reported Log4J vulnerability (CVE-2021-44228), you should know that GitLab does not use Log4j or Log4j2 packages. GitLab was written using Ruby, JS and Go so it uses different log libraries. If you use GitLab Advanced Search or Code Search features (available in paid editions, including Premium, Ultimate and Starter) you should know it [&hellip;]<\/p>\n","protected":false},"author":10,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[184,166],"tags":[339],"class_list":["post-6008","post","type-post","status-publish","format-standard","hentry","category-devsecops","category-gitlab","tag-log4j"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>GitLab and Log4J Vulnerability - ALMtoolbox News<\/title>\n<meta name=\"description\" content=\"Concerning the reported Log4J vulnerability (CVE-2021-44228),you should know that GitLab does not use Log4j or Log4j2\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" 
href=\"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GitLab and Log4J Vulnerability - ALMtoolbox News\" \/>\n<meta property=\"og:description\" content=\"Concerning the reported Log4J vulnerability (CVE-2021-44228),you should know that GitLab does not use Log4j or Log4j2\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/\" \/>\n<meta property=\"og:site_name\" content=\"ALMtoolbox News\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/almtoolbox.israel\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-12T13:24:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-12-13T12:33:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2021\/12\/gitlab-security-cover-new.png\" \/>\n<meta name=\"author\" content=\"Tamir Gefen\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Dikla\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tamir Gefen\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/\"},\"author\":{\"name\":\"Tamir Gefen\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/409e35aa3486f92208065230bb6ebb63\"},\"headline\":\"GitLab and Log4J Vulnerability\",\"datePublished\":\"2021-12-12T13:24:17+00:00\",\"dateModified\":\"2021-12-13T12:33:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/\"},\"wordCount\":116,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2021\/12\/gitlab-security-cover-new.png\",\"keywords\":[\"log4j\"],\"articleSection\":[\"DevSecOps\",\"GitLab\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/\",\"url\":\"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/\",\"name\":\"GitLab and Log4J Vulnerability - ALMtoolbox 
News\",\"isPartOf\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2021\/12\/gitlab-security-cover-new.png\",\"datePublished\":\"2021-12-12T13:24:17+00:00\",\"dateModified\":\"2021-12-13T12:33:58+00:00\",\"description\":\"Concerning the reported Log4J vulnerability (CVE-2021-44228),you should know that GitLab does not use Log4j or Log4j2\",\"breadcrumb\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/#primaryimage\",\"url\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2021\/12\/gitlab-security-cover-new.png\",\"contentUrl\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2021\/12\/gitlab-security-cover-new.png\",\"width\":3840,\"height\":900,\"caption\":\"gitlab log4j security\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.almtoolbox.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GitLab and Log4J Vulnerability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#website\",\"url\":\"https:\/\/www.almtoolbox.com\/blog\/\",\"name\":\"ALMtoolbox News\",\"description\":\"All the news of 
ALMtoolbox\",\"publisher\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.almtoolbox.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#organization\",\"name\":\"ALMtoolbox\",\"url\":\"https:\/\/www.almtoolbox.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2015\/10\/logo.png\",\"contentUrl\":\"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2015\/10\/logo.png\",\"width\":410,\"height\":190,\"caption\":\"ALMtoolbox\"},\"image\":{\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/almtoolbox.israel\/\",\"https:\/\/www.linkedin.com\/company\/almtoolbox\/\",\"https:\/\/www.youtube.com\/user\/GoMidjets\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/409e35aa3486f92208065230bb6ebb63\",\"name\":\"Tamir Gefen\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3d4df00aa386b2805c42441dfebcedd46abf25846febb352f00c11524d994c4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3d4df00aa386b2805c42441dfebcedd46abf25846febb352f00c11524d994c4?s=96&d=mm&r=g\",\"caption\":\"Tamir Gefen\"},\"sameAs\":[\"https:\/\/x.com\/Dikla\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"GitLab and Log4J Vulnerability - ALMtoolbox News","description":"Concerning the reported Log4J vulnerability (CVE-2021-44228),you should know that GitLab does not use Log4j or Log4j2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/","og_locale":"en_US","og_type":"article","og_title":"GitLab and Log4J Vulnerability - ALMtoolbox News","og_description":"Concerning the reported Log4J vulnerability (CVE-2021-44228),you should know that GitLab does not use Log4j or Log4j2","og_url":"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/","og_site_name":"ALMtoolbox News","article_publisher":"https:\/\/www.facebook.com\/almtoolbox.israel\/","article_published_time":"2021-12-12T13:24:17+00:00","article_modified_time":"2021-12-13T12:33:58+00:00","og_image":[{"url":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2021\/12\/gitlab-security-cover-new.png","type":"","width":"","height":""}],"author":"Tamir Gefen","twitter_card":"summary_large_image","twitter_creator":"@Dikla","twitter_misc":{"Written by":"Tamir Gefen","Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/#article","isPartOf":{"@id":"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/"},"author":{"name":"Tamir Gefen","@id":"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/409e35aa3486f92208065230bb6ebb63"},"headline":"GitLab and Log4J Vulnerability","datePublished":"2021-12-12T13:24:17+00:00","dateModified":"2021-12-13T12:33:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/"},"wordCount":116,"commentCount":0,"publisher":{"@id":"https:\/\/www.almtoolbox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2021\/12\/gitlab-security-cover-new.png","keywords":["log4j"],"articleSection":["DevSecOps","GitLab"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/","url":"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/","name":"GitLab and Log4J Vulnerability - ALMtoolbox News","isPartOf":{"@id":"https:\/\/www.almtoolbox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/#primaryimage"},"image":{"@id":"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2021\/12\/gitlab-security-cover-new.png","datePublished":"2021-12-12T13:24:17+00:00","dateModified":"2021-12-13T12:33:58+00:00","description":"Concerning the reported Log4J vulnerability (CVE-2021-44228),you should know that GitLab does not use Log4j or 
Log4j2","breadcrumb":{"@id":"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/#primaryimage","url":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2021\/12\/gitlab-security-cover-new.png","contentUrl":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2021\/12\/gitlab-security-cover-new.png","width":3840,"height":900,"caption":"gitlab log4j security"},{"@type":"BreadcrumbList","@id":"https:\/\/www.almtoolbox.com\/blog\/gitlab-log4j-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.almtoolbox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"GitLab and Log4J Vulnerability"}]},{"@type":"WebSite","@id":"https:\/\/www.almtoolbox.com\/blog\/#website","url":"https:\/\/www.almtoolbox.com\/blog\/","name":"ALMtoolbox News","description":"All the news of 
ALMtoolbox","publisher":{"@id":"https:\/\/www.almtoolbox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.almtoolbox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.almtoolbox.com\/blog\/#organization","name":"ALMtoolbox","url":"https:\/\/www.almtoolbox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2015\/10\/logo.png","contentUrl":"https:\/\/www.almtoolbox.com\/blog\/wp-content\/uploads\/\/2015\/10\/logo.png","width":410,"height":190,"caption":"ALMtoolbox"},"image":{"@id":"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/almtoolbox.israel\/","https:\/\/www.linkedin.com\/company\/almtoolbox\/","https:\/\/www.youtube.com\/user\/GoMidjets"]},{"@type":"Person","@id":"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/409e35aa3486f92208065230bb6ebb63","name":"Tamir Gefen","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.almtoolbox.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3d4df00aa386b2805c42441dfebcedd46abf25846febb352f00c11524d994c4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3d4df00aa386b2805c42441dfebcedd46abf25846febb352f00c11524d994c4?s=96&d=mm&r=g","caption":"Tamir 
Gefen"},"sameAs":["https:\/\/x.com\/Dikla"]}]}},"_links":{"self":[{"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/posts\/6008","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/comments?post=6008"}],"version-history":[{"count":6,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/posts\/6008\/revisions"}],"predecessor-version":[{"id":6027,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/posts\/6008\/revisions\/6027"}],"wp:attachment":[{"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/media?parent=6008"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/categories?post=6008"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.almtoolbox.com\/blog\/wp-json\/wp\/v2\/tags?post=6008"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}