Are OCLC products updated against the Log4j vulnerability?

Last updated
Save as PDF

Applies to

OCLC Products and Services

Answer

On December 10, 2020, a critical remote code execution vulnerability CVE-2021-44228, called “Log4j,” in a popular Java technology logging package was reported. OCLC immediately assessed the potential impact to products and services and took steps to mitigate potential issues.

OCLC has not detected any indication of compromise to our systems. We will continue to monitor our systems and services and will provide updates as necessary through our OCLC Community Center and listservs.

Additional information

For the most current information about OCLC systems, visit the OCLC System Status dashboard at https://oc.lc/status.

EZproxy status for Log4j

ILLiad status for Log4j

Page ID

40514