log4j and DigitalOcean front-end / API etc

Posted December 11, 2021 506 views

Hi DigitalOcean - I know I am not running log4j on my servers in your stack I would like confirmation from DigitalOcean that your systems and front-end etc do not pose access vulnerabilities to my Droplets, Spaces or similar via this vulnerability. Can you put out a statement please? Thanks!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
2 answers

Hi there,

In addition to what has already been mentioned, here is a link to DigitalOcean’s response to the Log4j security vulnerability


Hello, @mdgosden

Apache log4j 2 is an open-source Java-based logging framework that should not be installed by default on your Apache server, hence you’ve not manually installed/configured it then CVE-2021-44228 should not affect your server.

The package may be available for install, but if you haven’t installed it manually on your droplet then you should not be affected.