Periodically, serious flaws are exposed in common software infrastructure that’s used everywhere. Once the flaw is discovered, vendors such as MarkLogic have to figure out what the impact is, who might be affected, and notify them as quickly as possible.
This time, the flaw emerged in a widely used error-logging Java library – Log4j. Theoretically, an attacker could execute remote code, which makes it serious.
The Log4j library is not used directly in the MarkLogic server itself, so database security is not affected. However, Log4j is used in our customers’ environments, especially as part of a managed cluster on AWS, hence quite important.
The quick summary can be found here in our KnowledgeBase, with full instructions to determine whether your environment is impacted.
Thank you again for being a MarkLogic customer, and giving us the opportunity to serve you!
No, it does not. However, it potentially might lead to an intrusion within the environment that the database runs in, so it should be considered serious.
Yes. Please contact MarkLogic support if you think you are affected.
No, not at this time, but this is a serious flaw that is likely to be exploited before long.
Chuck joined the MarkLogic team in 2021, coming from Oracle as SVP Portfolio Management. Prior to Oracle, he was at VMware working on virtual storage. Chuck came to VMware after almost 20 years at EMC, working in a variety of field, product, and alliance leadership roles.
Chuck lives in Vero Beach, Florida with his wife and three dogs. He enjoys discussing the big ideas that are shaping the IT industry.
Let our experts teach you how to use Sitefinity's best-in-class features to deliver compelling digital experiences.
Learn MoreSubscribe to get all the news, info and tutorials you need to build better business apps and sites
Progress collects the Personal Information set out in our Privacy Policy and the Supplemental Privacy notice for residents of California and other US States and uses it for the purposes stated in that policy.
You can also ask us not to share your Personal Information to third parties here: Do Not Sell or Share My Info
We see that you have already chosen to receive marketing materials from us. If you wish to change this at any time you may do so by clicking here.
Thank you for your continued interest in Progress. Based on either your previous activity on our websites or our ongoing relationship, we will keep you updated on our products, solutions, services, company news and events. If you decide that you want to be removed from our mailing lists at any time, you can change your contact preferences by clicking here.