An update on some more serious news doing the rounds: a zero-day arbitrary code execution vulnerability (CVE-2021-442228 aka Log4Shell) was recently discovered affecting the Apache Log4j2 library for versions <= 2.14.1.
For updates from MongoDB’s security team in relation to MongoDB’s products and services, please see Log4Shell Vulnerability (CVE-2021-44228) and MongoDB.
If you are a MongoDB Commercial Support subscriber and have questions related to your deployments, please open a support case.
- AWS: Apache Log4j2 Issue (CVE-2021-44228)
- Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
- Google Cloud: Apache Log4j 2 Vulnerability (CVE-2021-44228)
- CloudFlare: CVE-2021-44228 - Log4j RCE 0-day mitigation
- CrowdStrike: Log4j2 Vulnerability “Log4Shell” (CVE-2021-44228)
If you have questions or suggested resources that aren’t covered by the above information, please feel free to discuss in the comments.