Skip to main content

one of our departments is saying our servers we use for Commvault are using log4shell v1.2x. They need to update it to v2.16.0.  Im green when it comes to this topic. is this log4shell a third party app which the server has installed prior to Commvault software, or is this something that Commvault installs, and is resolved by updating the Commvault software? Thats where the confusion comes into play for me, because it comes down to whether or not the department that brought this up is asking us for permissions to update it, or if this is something to do with commvault software which my team needs to handle?

It was released yesterday.  For the most up to date info, subscribe to the thread posted above (the sticky one).

We are constantly monitoring and updating things there.

We do have a Maintenance Release coming early next week that will contain the fixes that are in the latest hotfix pack.


Hello Mike,

when is the new patch finished? Is there any appointment for this?

 


Hi @TP_Erickson , I assume they are talking about this:

 

This is an open source library used for logging/debugging.  If you have database agents that use archive (and a few more features, listed in the above article) then you might be vulnerable.

We currently have an update that removes 2.x and upgrades to 2.15, though we are working on updates to upgrade to 2.16.

The above post is where I’m updating everyone.  Head over there and subscribe so you can get the latest updates.


Reply