Periodically, serious flaws are exposed in common software infrastructure that’s used everywhere. Once the flaw is discovered, vendors such as MarkLogic have to figure out what the impact is, who might be affected, and notify them as quickly as possible.
This time, the flaw emerged in a widely used error-logging Java library – Log4j. Theoretically, an attacker could execute remote code, which makes it serious.
The Log4j library is not used directly in the MarkLogic server itself, so database security is not affected. However, Log4j is used in our customers’ environments, especially as part of a managed cluster on AWS, so the flaw is still quite important.
The quick summary can be found here in our KnowledgeBase, with full instructions to determine whether your environment is impacted.
Thank you again for being a MarkLogic customer, and giving us the opportunity to serve you!
No, it does not. However, it potentially might lead to an intrusion within the environment that the database runs in, so it should be considered serious.
Yes. Please contact MarkLogic support if you think you are affected.
No, not at this time, but this is a serious flaw that is likely to be exploited before long.