Wowza Logo Wowza Icon
Wowza Video Sign Out
Talk to an Expert Free Trial
Wowza Video Sign Out

Wowza Community

LATEST UPDATES HERE: Apache Lib4j2 2.17 CVE-2021-44228 & CVE-2021-45046

Wowza Streaming Engine
#1

I am posting this and pinning it since the other post on lib4j2 has gotten too long and confusing for people.

THE LATEST UPDATE 12.20.21

Update your Wowza Streaming Engine instance to fix the security vulnerability with Apache Log4j2 versions earlier than 2.16.0 (CVE-2021-44228 & CVE-2021-45046).

The updater uses the latest Apache Log4j v2.17 files.

This was completed Monday December 20th based on new information from Apache.

Wowza has verified after running the updater that there are no current issues when scanning the server and that it meets the required mitigation action according to Apache.

The doc and instructions can be found here.

https://www.wowza.com/docs/update-for-apache-log4j2-security-vulnerability

ALSO! Yes, there will be a new Streaming Engine version coming out that addresses all of this once we know that Apache will not release another new version of the log4j2 library (for a while anyways).

At this time, Apache is doing what it needs to and is releasing new versions, so please use the Streaming Engine updater for now. I’ll keep you up to date. Thanks!

Could you please suggest the mitigation steps to fix this log4j vulnerabilities
#2
#3

© 2007–2024 Wowza Media Systems, LLC. All rights reserved.   Security & Privacy PolicyLegalSystem Status