Log4j Vulnerability Status
On December 13th, 2021 the US Cyber Security & Infrastructure Security Agency released an alert about a log4j vulnerabilities referred to as Log4j.
This security vulnerability has been designated as CVE-2021-44228.
The TrueNAS CORE 12.x releases, the TrueNAS SCALE 22.02 RC releases, and TrueCommand 2.x do not utilize log4j, and as a result iXsystems is pleased to report that these products are not vulnerable.
However, iXsystems always encourages users to keep their TrueNAS and TrueCommand systems up to date to ensure they are running with the latest security patches at all times. If your systems have updates available, please update them at the earliest opportunity. If you have a support contract with iXsystems and need assistance or have other questions feel free to reach out to your Support representative.