Blog

All posts releases news security guides

Eclipse Vert.x and Log4j 2 CVE-2021-44228

A recent CVE-2021-44228 has been disclosed that affects the Log4j 2 library.

The Vert.x project can optionally use this library for logging but does not ship or directly depends on this library and therefore is not affected by this CVE.

In practice, an application using Vert.x might use it but needs to explicitly depend on this library. In such case, the Log4j 2 dependency version must be upgraded to 2.15.0 or later.

The Vert.x team will provide this week patch releases that update the optional or test dependencies of Log4j 2:

Vert.x 4.2.2, which is expected to be delivered soon and contains other bug fixes
Vert.x 4.1.7 the previous stable branch
Vert.x 3.9.11 the last stable branch of Vert.x 3, which is supported until end of 2022

Posted on 13 December 2021

1 min read

Next post

Eclipse Vert.x 3.9.11 released!

Eclipse Vert.x version 3.9.11 has just been released.

14 December 2021

Previous post

Eclipse Vert.x 3.9.10 released!

Eclipse Vert.x version 3.9.10 has just been released. It fixes quite a few bugs that have been reported by the community.

5 November 2021

Related posts

Centralized logging for Vert.x applications using the ELK stack

This post entry describes a solution to achieve centralized logging of Vert.x applications using the ELK stack (Logstash, Elasticsearch, and Kibana).

Ricardo Hernandez

8 September 2016

Things to keep in mind concerning CSRF attacks

Eclipse Vert.x like most frameworks provides an anti-CSRF defense. However, no framework can prevent all attack vectors that exist in the web. Therefore, developers need to be aware of some dangers and common attack vectors concerning CSRF defenses.

23 January 2021

Unit and Integration Tests

Let’s refresh our mind about what we developed so far in the introduction to vert.x series. We forgot an important task. We didn’t test the API.

Clement Escoffier