Our team has investigated CVE-2021-44228, a critical vulnerability that’s affecting a Java logging package log4j which is used in a significant amount of software, including Apache, Apple iCloud, Steam, Minecraft, and others for the logging errors.
At this point, we have not identified an impact on the CloudMate Hosting Platform, but our teams are regularly checking vulnerabilities to ensure the security of our system is safe.If your organization uses the log4j library, you should upgrade to log4j-2.15.0.rc2 immediately.
cPanel/WHM:
We have also identified that this vulnerability affects cPanel/WHM plugin "Full Text Search Indexing for IMAP powered by Apache Solr™". cPanel has published an update for the mitigation of the vulnerability in the package "cpanel-dovecot-solr".
If you use this plugin, please update it using:yum update cpanel-dovecot-solr
OR/scripts/upcp
To verify that the patches were successful, run:rpm -q --changelog cpanel-dovecot-solr | grep -B1 CPANEL-39455If the mitigation was successful, you will see the following output:
# rpm -q --changelog cpanel-dovecot-solr | grep -B1 CPANEL-39455 * Fri Dec 10 2021 Tim Mullin <tim@cpanel.net> - 8.8.2-4.cp1180 - CPANEL-39455: Add mitigation for CVE-2021-44228
The cPanel Solr plugin is the only software provided and supported by cPanel that contains log4j.
Apache:
If you use Apache WebServer, please update it to version v2.4.38. You can update Apache through APT or YUM repository.
