We are using Grafana V7.0.5. Hope you are aware about the critical vulnerability reported on log4j CVE-2021-44228. We would like to understand if there is any impact. If there is any impact please suggest when the fix is going to be available and if any workaround is available.
2 Likes
Hello,
Grafana and Grafana Enterprise are not affected by log4j. See our official statement here:
Thank You for the confirmation.
In addition to CVE-2021044228, there two more vulnerabilities were reported,
https://nvd.nist.gov/vuln/detail/CVE-2021-4104
https://nvd.nist.gov/vuln/detail/CVE-2021-45046
We would like to understand if there is any impact on Grafana ?
If there is any impact please suggest when the fix is going to be available and if any workaround is available.
Looking forward.