Log4j: An Update On “LogJam”

Periodically, serious flaws are exposed in common software infrastructure that’s used everywhere. Once the flaw is discovered, vendors such as MarkLogic have to figure out what the impact is, who might be affected, and notify them as quickly as possible.

This time, the flaw emerged in a widely used error-logging Java library – Log4j. Theoretically, an attacker could execute code remotely, which makes it serious.

The Log4j library is not used directly in the MarkLogic server itself, so database security is not affected. However, Log4j is used in our customers’ environments, especially as part of a managed cluster on AWS, so the flaw is still quite important.

The quick summary can be found here in our KnowledgeBase, with full instructions to determine whether your environment is impacted.

Thank you again for being a MarkLogic customer, and giving us the opportunity to serve you!


FAQ:

Does this flaw impact the security of the MarkLogic database?

No, it does not. However, it could potentially lead to an intrusion within the environment that the database runs in, so it should be considered serious.

Are there new versions – or other remediations – available for the affected environmental components?

Yes. Please contact MarkLogic support if you think you are affected.

Are there any reported intrusions?

No, not at this time, but this is a serious flaw that is likely to be exploited before long.

Chuck joined the MarkLogic team in 2021, coming from Oracle as SVP Portfolio Management. Prior to Oracle, he was at VMware working on virtual storage. Chuck came to VMware after almost 20 years at EMC, working in a variety of field, product, and alliance leadership roles.

Chuck lives in Vero Beach, Florida with his wife and three dogs. He enjoys discussing the big ideas that are shaping the IT industry.
