A new ‘extremely critical vulnerability’ has emerged in the log4j library.
I ran this command on my server to discover that the rocket.chat service may be relying on this library.
philipp@myserver:~$ sudo find / -name "log4j*"
/snap/rocketchat-server/1491/programs/server/npm/node_modules/moleculer/src/loggers/log4js.js
Would anybody be able to confirm whether that’s correct? Do I need to be worried?
Hope this gets some attention soon.
Hello,
is there any Information from Rocket Chat to this vulnerabilitiy and if Log4J is used in RocketChat?
I didnt find anything on Rocket.chat Blog, Homepage or Github
Every big company has a information about this. Why is there no information from RocketChat?
Log4js (what you found) has nothing to do with the Log4j Java library, so no there is no problem.
Hi there!
Regarding this threat, our Security Team already did the necessary investigations.
Here we have a summary of the findings:
Your Rocket.Chat application is not affected by the log4j vulnerability as it does not use log4j. Our SaaS offering is not affected as well per the current state of our investigation. We continue to monitor the situation.
Amazing! Thanks so much for your swift response.