Is there a place where I can get the official response/stance to critical vulnerabilities, or will something be posted here in the community forum concerning CVE-2021-44228?
This is the statement from Sensu:
We want to assure our users that neither Sensu Classic, nor Sensu Go are impacted by this vulnerability since we do not use the affected library.
The only area which could be impacted would be any community/third party plug-in which uses log4j and we highly recommend doing an audit of your plugins in use to verify they are not using log4j.
2 Likes
Hey folks, so the only known 3rd party plugin that even uses Java is the Hbase plugin: GitHub - sensu-plugins/sensu-plugins-hbase: Add a description. So if you’re using that plugin, you’ll want to make sure that your Java version is updated.