Rocket.Chat's Community Open Call 🎤 Jan 19th, 2022 Join us!

New log4j vulnerability

A new ‘extremely critical vulnerability’ has emerged in the log4j library.

I ran this command on my server to discover that the service may be relying on this library.

philipp@myserver:~$ sudo find / -name "log4j*"

Would anybody be able to confirm whether that’s correct? Do I need to be worried?

Hope this gets some attention soon.

1 Like


is there any Information from Rocket Chat to this vulnerabilitiy and if Log4J is used in RocketChat?
I didnt find anything on Blog, Homepage or Github

Every big company has a information about this. Why is there no information from RocketChat?


Log4js (what you found) has nothing to do with the Log4j Java library, so no there is no problem.


Hi there!

Regarding this threat, our Security Team already did the necessary investigations.

Here we have a summary of the findings:

Your Rocket.Chat application is not affected by the log4j vulnerability as it does not use log4j. Our SaaS offering is not affected as well per the current state of our investigation. We continue to monitor the situation.

1 Like

Amazing! Thanks so much for your swift response.