IBM Data Management Community Connect with Db2, Informix, Netezza, open source, and other data experts to gain value from your data, share insights, and solve problems. Join / Log in
When MongoDB became aware of the Log4Shell vulnerability (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105), an investigation began to determine whether there had been any impact to the products, services or internal systems.
As of December 20, 4pm ET, the following is the status of the investigation:
Update Dec 18: Confirmed log4j removal from production Environment. Atlas Search is no longer affected.Dec. 17: Patched to log4j v.2.16.0in response to CVE-2021-45046Dec. 12: Patched to log4j v.2.15.0in response to CVE-2021-44228No evidence of exploitation or indicators of compromise prior to the patches were discovered.
All other components of MongoDB Atlas(including Atlas Database, Data Lake, Charts)
MongoDB Community Edition(including Community Server, Cloud Manager, Community Kubernetes Operators)
MongoDB Tools(including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors)
MongoDB Realm(including Realm Database, Sync, Functions, APIs)
The situation is continually being monitored and updates will released as new information becomes available.