SmartX is aware of the recently disclosed security issue relating to the open-source Apache Log4j. We are actively monitoring this issue, and so far we’ve confirmed that the HCI software SMTX OS and the distributed storage software SMTX ZBS are not affected.

Part of the internal services of SMTX OS and SMTX ZBS are dependent on Log4j (v1.2.17, we are still confirming whether this version is affected or not).

But these internal services won’t record any uploaded information from users via Log4j, or provide any external services. They are free from the influence of the Log4j vulnerability.

Any questions, please contact info@smartx.com for technical support.

For details of this issue, please refer to:
https://github.com/apache/logging-log4j2/pull/608#issuecomment-990661374
https://www.cvedetails.com/cve/CVE-2021-44228/

Continue Reading