#About Log4Shell Vulnerability for SaaS Users

#Security Update

As you are an Akeneo SaaS user, we have good news for you. Serenity/GrowthEdition/SharedCatalogs are NOT impacted by the Apache Log4j Java critical security vulnerability that was disclosed on Friday, December the 10th 2021, thanks to our ability to continuously upgrade and maintain our services. No action is needed from you and your Akeneo instance remains secure.

#Additional information

You may have heard about a global critical vulnerability disclosed Friday, December the 10th 2021, which has the potential to affect a lot of online services and companies. This vulnerability comes from a Java logging library. Just after the publication of this vulnerability (CVE-2021-44228, or Log4shell), we closely examined any related impacts to Akeneo, assessed our exposure, and came to the following statement:

  1. As PHP applications, our main software is not impacted;

  2. We use Elasticsearch (from Elastic) as a technical component

We have concluded that there is no security vulnerability for you, as a SaaS customer.


Found a typo or a hole in the documentation and feel like contributing?
Join us on Github!