No image

Bad Bug: NVD-CVE-2021-44228: Apache Log4j2

In review, this is not a good bug. In fact, it appears to be rated the highest in severity. More details about the Log4j2 bug >>

As far as aMiSTACX deployments:


Any deployment specific to Magento 2, and any version that is using Elasticsearch; however, Elasticsearch states NO direct impact:

Elasticsearch is not susceptible to remote code execution with this vulnerability due to our use of the Java Security Manager, however we are making a fix available for an information leakage attack also associated with this vulnerability. Additional details below

More info on ES and Apache Log4j2>>



For ubuntu OS, more information is required >>



For customers that are making use of our catalog search module that depends on Apache Solr, then please follow these steps:

  • Contact aMiSTACX for patch
  • Test in Development first!
  • Upload zip contents to /home/ubuntu and designate file executable.
  • Run via sudo ./
  • Select menu item 1 or 2. Selection 2 is upgrade to log4j.
    More info here >>



If you are using our recommended CDN, Cloudflare, then their teams have already been proactive.

Tip: Make sure you use A51 w/ IP origin lists to keep only Cloudflare traffic hitting your EC2 servers.