Contact
FR
FR EN
Contact
My account
FR
FR EN
17.12.21

GLPI is NOT affected by the Log4j vulnerability CVE-2021-44228

A newly revealed critical vulnerability impacting Apache Log4j was disclosed and registered as CVE-2021-44228 with the highest severity rating. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. By exploiting this vulnerability, a remote attacker could take control of the affected system.

We would like to assure all users that GLPI core and its plugins, being written in PHP and not using Log4j, are not affected by the Log4Shell vulnerability.

Exploiting this vulnerability requires a Java Virtual Machine and the org.apache.logging.log4j.core.lookup.JndiLookup Java class in a vulnerable version. None of them are included or used in GLPI distributions.

We can also confirm that:

 

  • GLPI Android Agent (writen in Java), doesn't use Log4j library, and thus is not affected by the Log4Shell vulnerability
  • GLPI Agent (writen in Perl), is not affected by the Log4Shell vulnerability

Warning: this does not prevent layers/tools potentially upstream of GLPI (reverse-proxy, firewall, etc.), or connected to GLPI, which we are not aware of in your context, from being potentially impacted.

For example, if you have a Metabase server connected to GLPI you should note that Metabase (<0.41.4) is affected by Log4j vulnerability, and you should update it ASAP!

Documentation:

 

Vous aimerez peut-être aussi ces articles

19.06.25
Avec plus de 36 ans d'histoire, Lanlink est une entreprise spécialisée dans l'infrastructure IT, le cloud, les données et l'IA, la productivité numérique, et la sécurité de l'information. Partenaire de leaders mondiaux tels que Microsoft,
13.06.25
GLPI Agent 1.15 est disponible. Nous sommes fiers d'annoncer que cette nouvelle version est fournie avec un package MSI Windows signé et des binaires Windows signés. Vous pouvez la télécharger sur le projet GitHub de GLPI Agent : https://github.com/glpi-project/glpi-agent/releases/tag/1.15. Cette version inclut quelques correctifs…
11.06.25
Nous sommes ravis de vous présenter une nouvelle fonctionnalité puissante dans notre plugin OauthSSO ! La dernière version majeure d'OauthSSO offre une compatibilité étendue avec l'ajout d'un nouveau fournisseur d'authentification : Apple. Les utilisateurs peuvent désormais se connecter avec leur compte Apple, en plus de…
09.06.25
Félicitations ! Nous sommes heureux d'annoncer notre nouveau partenaire Silver GLPI Network en Côte d'Ivoire : Synerj Expertises Fondée en octobre 2024, SYNERJ EXPERTISES est un intégrateur de solutions informatiques basé à Abidjan, en Côte d'Ivoire. Leur mission est de fournir aux entreprises des solutions sur mesure visant à les aider à...
09.06.25
Nous sommes ravis d'annoncer le lancement de notre tout nouveau centre d'aide GLPI, votre référence pour tout ce qui concerne GLPI ! GLPI est désormais plus accessible que jamais sur help.glpi-project.org ! Cet espace dédié a été conçu pour vous aider à tirer le meilleur parti de GLPI. Vous y trouverez : Étape...
09.06.25
Félicitations ! Nous sommes heureux d'annoncer notre nouveau partenaire Silver GLPI Network à Maurice : ITOM Consult ITOM Consult accompagne ses clients dans leurs choix et décisions éclairées en matière de gestion des opérations informatiques (ITOM). Leur vision globale, enrichie par une expérience multi-fournisseurs, permet...
09.06.25
Félicitations ! Nous sommes heureux d'annoncer notre nouveau partenaire Silver GLPI Network au Sénégal : Expert IS EXPERT IS est une entreprise spécialisée dans le secteur du numérique. Ses activités s'articulent autour de trois axes principaux : INFRASTRUCTURE, axée sur la mise en œuvre des systèmes d'information ; DIGITALISATION,...
09.06.25
Le 15 mai, Teclib’ a réuni ses équipes pour le Teclib’ Day 2025, un événement alliant bilan, vision et esprit d’équipe. Cette journée, organisée au Mama Shelter à Paris, a été l’occasion idéale de faire le point sur nos avancées, de remercier les équipes pour leur engagement et de renforcer nos liens grâce à…
22.05.25
Félicitations ! Nous sommes heureux d'annoncer notre nouveau partenaire Silver GLPI Network en Malaisie : Fronix SDN BHD FRONIX SDN BHD (FSB) est une organisation de services en technologies de l'information et de la communication (TIC) offrant des solutions et des services spécialisés pour les secteurs des télécommunications, des services publics, privés et gouvernementaux.
22.05.25
Congratulations! We are pleased to announce our new Silver GLPI Network partner in Spain: Consultores IT 365 Consultores IT 365 is a 100% Spanish company with over 15 years of experience, specializing in transforming ICT into a strategic engine for businesses. Their team is made up of consultants de...
14.05.25
Congratulations! We are pleased to announce our new Silver GLPI Network partner in Brazil: JMBA Soluções Founded in 2018, JMBA Soluções is an IT consulting company based in São Paulo. It focuses on Cloud computing, collaboration, data centers, networks, and security solutions, offering full sup...
09.05.25
Congratulations! We are pleased to announce our new Silver GLPI Network partner in the United States: Synapse Software For over 15 years, Synapse Software has been committed to automating business processes. Through its automation platforms, and IT service and asset management, Synapse Software help...
29.04.25
Congratulations! We are pleased to announce our new Silver GLPI Network partner in France: Catamania Catamania is a French digital consulting and services company with 1,200 employees and a turnover of €100M in 2024. Since its creation in 1999, it has supported the digital transformation of its cl...
29.04.25
Congratulations! We are pleased to announce our new Silver GLPI Network partner in Switzerland: DOS Group SA More than 2,000 companies in Switzerland and around the world trust the DOS Group for their ICT and digital solutions. With over 20 years of experience, versatile expertise, and a commitment ...
29.04.25
We are pleased to announce that GLPI Agent 1.14 is now available — update now! You can download it from the official project page on GitHub: https://github.com/glpi-project/glpi-agent/releases/tag/1.14 This version brings a few fixes and improvements, including: Regarding packages, here are the hi...
15.04.25
Congratulations to Imagunet on this tremendous achievement! From Silver to Gold! Our first Gold Partner in Latin America! After several years of collaboration, we are proud to announce that Imagunet, based in Colombia 🇨🇴, has become our first Gold Partner in the region. Imagunet is a leading s...
07.04.25
Congratulations! We are pleased to announce our new Silver GLPI Network partner in Brazil: VLCloud IT Services VLCloud is a company specialized in IT solutions and services. It is committed to thoroughly analyzing each client’s IT environment through a team of highly qualified and experienced prof...
07.04.25
We are thrilled to announce the release of a new GLPI Network plugin: Cloud Inventory! Available starting from the Basic subscription level and on the Cloud. CloudInventory allows automatic and manual synchronization of resources hosted by various cloud providers (OVH, AWS, Azure, Google Cloud, etc....
31.03.25
Congratulations! We are pleased to announce that Adactim, already a trusted GLPI Network partner in Tunisia, is now expanding its partnership in France as a new Silver GLPI Network partner! 🎉 ADACTIM France, official partner of Teclib’, stands out for its expertise in GLPI integration, IT outso...
31.03.25
Congratulations! We are pleased to announce our new Silver GLPI Network partner in Hungary: Intalion Intalion Rendszerintegrátor Kft. specializes in IT system integration and service management, helping companies streamline operations and improve efficiency. As a GLPI partner, they offer customized...
1 2 3 15
chevron-right linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram