Submit and vote on feature ideas.

Welcome to the new Parasoft forums! We hope you will enjoy the site and try out some of the new features, like sharing an idea you may have for one of our products or following a category.

[Updated] Regarding log4j CVE-2021-44228 with Virtualize

sang_parasoft
sang_parasoft Posts: 26 admin
edited December 2021 in Virtualize

NIST recently released several Apache's log4j Zero-Day vulnerability cases, a very popular Java library to log messages in Java Applications.

Virtualize versions impacted:

  • 2021.1
  • 2021.2

The impacted releases include log4j 2.14.0.
Any older releases include log4j 1.x which are not impacted by this vulnerability.

Updated Release for Virtualize

Updated Virtualize will be available on the Customer Portal Download page on December 21, 2021. Both include log4j 2.16.0 to address CVE-2021-44228.

  • 2021.1.1
  • 2021.2.1

Workaround Solution for Virtualize

The recommended approach for all products is to set an environment variable to mitigate the issue

LOG4J_FORMAT_MSG_NO_LOOKUPS=true