Apache Log4j Remote Code Execution (RCE) Vulnerability in Gitlab CE

Hi,

I am using GitLab Community version 14.4.2 in a Docker container.
My GitLab instance is not exposed to the internet.
I wanted to know: is GitLab CE affected by the Apache Log4j Remote Code Execution (RCE) Vulnerability?
I am not using any SAST or Dependency Scanning analyzers.
I was following this article, "Updates and actions to address Log4j CVE 2021 44228 and CVE 2021 45046 in GitLab | GitLab", but didn't find the answers I was looking for.

What actions do I need to take?
Do I need to update GitLab to its latest version?
Or is GitLab CE 14.4.2 not affected by this vulnerability?

Please suggest.

Thank you.

Hi, search the forums. There have already been posts on it. Open the search tool, put log4j and read the posts. It saves people repeating themselves 🙂

But in short, GitLab doesn’t use it. But if you are using the security scanner, SAST, etc., then you will need to do things as per the post you linked. All the info is in the link you posted, especially if you click the links related to SAST.
