As the Apache Log4j vulnerability (CVE-2021-44228) was disclosed on Dec 09, 2021, your z/Trim and Consumption Insights for z/OS teams have been actively monitoring the issue and assessing its impact on these products.
It has been determined that z/Trim 3.0 and Consumption Insights for z/OS do not contain a version of Log4j that is impacted by the vulnerability.
However, z/Trim 2.0 does contain a version of Log4j with this vulnerability. The issue can be mitigated by the following action:
- Upgrade to z/Trim 3.0. This action necessitates an upgrade of Elasticsearch, which includes a need to migrate the data.
Please feel free to reach out to support or product management should you have any questions or concerns regarding z/Trim and the Apache Log4j security vulnerability.
------------------------------
John Crossno
Director, Product Management
Rocket Forum Shared Account
------------------------------