Are OCLC products updated against the Log4j vulnerability?
Applies to
- OCLC Products and Services
Answer
On December 10, 2020, a critical remote code execution vulnerability CVE-2021-44228, called “Log4j,” in a popular Java technology logging package was reported. OCLC immediately assessed the potential impact to products and services and took steps to mitigate potential issues.
OCLC has not detected any indication of compromise to our systems. We will continue to monitor our systems and services and will provide updates as necessary through our OCLC Community Center and listservs.
Additional information
For the most current information about OCLC systems, visit the OCLC System Status dashboard at https://oc.lc/status.