Gluu’s products are primarily Java based software. Not surprisingly, we use log4J. Like most software vendors, we have been responding and updating our software to address the issue described on the Apache.org website.
Once we publish the software update, we’ll continue researching the exploit to better understand the risk.
For now, we are assisting supported customers to patch their deployments. The patch is a script that will update libraries for an in-place deployment. Subsequent releases will include the updated log4j library. Community support users may open a support ticket, and the Gluu team will be in touch with instructions on how to get early access to the patch when available. The quickest fix for community users is to upgrade to version 4.3.1 now available!
Gluu 4.3.1 is a maintenance release of our stable distribution. All components include updates to the log4j library (now version 2.17).
Other enhancements include: