Impact of vulnerability CVE-2021-44228 in Apache Log4j2 in Mackerel

Thank you for using Mackerel.

On December 9, 2021, the vulnerability CVE-2021-44228 was reported in Apache Log4j2. The system that provides the Mackerel service uses a library that has a dependency on the relevant library, but after careful inspection, it was found to be unaffected by this vulnerability.

Also, the following services and software provided by Mackerel are unaffected because they do not use Apache Log4j2.

  • mackerel-agent / mackerel-container-agent
  • Various official plugins
  • CLI tool mkr

For more details about the vulnerability, please refer to the official information.