Following frequent requests we’ve received about whether VictoriaMetrics was impacted by recent Log4j vulnerabilities (CVE-2021–44228, CVE-2021–45046) this post is an official confirmation that neither the VictoriaMetrics time series database (TSDB) nor other related tools distributed under the VictoriaMetrics organization are impacted by them.
All our OpenSource and Enterprise applications and tools are written in Go, and we don’t use any Java libraries. Our products are open source and are available for inspection on GitHub.
We have a very strict approach when it comes to 3rd party dependencies and keep them as low as possible in order to always be in control.
If you still have concerns or additional questions with regards to Log4j vulnerabilities, please contact us via email at firstname.lastname@example.org or via our community platforms.